SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
Published: 2024-04-16
Last Updated: 2024-04-16 21:14:12 UTC
by Johannes Ullrich (Version: 1)
The Palo Alto Networks vulnerability has been analyzed in depth by various sources, and exploits are public.
We have gotten several reports of exploits being attempted against GlobalProtect installs. In addition, we see scans for the GlobalProtect login page, but these scans predated the exploit. VPN gateways have always been the target of exploits like brute forcing or credential stuffing attacks. ...
The exploit takes advantage of a path traversal vulnerability. The session ID ("SESSID" cookie) is used to create a file. This vulnerability can be used to create a file in a telemetry directory, and the content will be executed (see the watchTowr blog for more details).
Quick Palo Alto Networks Global Protect Vulnerability Update (CVE-2024-3400)
Published: 2024-04-15
Last Updated: 2024-04-15 23:56:55 UTC
by Johannes Ullrich (Version: 1)
This is a quick update to our initial diary from this weekend [CVE-2024-3400].
At this point, we are not aware of a public exploit for this vulnerability. The widely shared GitHub exploit is almost certainly fake.
As promised, Palo Alto delivered a hotfix for affected versions on Sunday (close to midnight Eastern Time).
One of our readers, Mark, observed attacks attempting to exploit the vulnerability from two IP addresses:
* An Akamai/Linode IP address. We do not have any reports from this IP address. Shodan suggests that the system may have recently hosted a WordPress site.
* A system in Singapore that has been actively scanning various ports in March and April.
According to Mark, the countermeasure of disabling telemetry worked. The attacks were directed at various GlobalProtect installs, missing recently deployed instances. This could be due to the attacker using a slightly outdated target list.
Please let us know if you observe any additional attacks or if you come across exploits for this vulnerability.
Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)
Published: 2024-04-13
Last Updated: 2024-04-15 12:28:02 UTC
by Johannes Ullrich (Version: 1)
On Friday, Palo Alto Networks released an advisory warning users of Palo Alto's Global Protect product of a vulnerability that has been exploited since March [1].
Volexity discovered the vulnerability after one of its customers was compromised [2]. The vulnerability allows for arbitrary code execution. A GitHub repository claimed to include an exploit (it has been removed by now). But the exploit may have been a fake and not the actual exploit. It appeared a bit too simplistic (hopefully). I had no chance to test it.
Assume Compromise
According to Volexity, exploit attempts for this vulnerability were observed as early as March 26th.
Workarounds
GlobalProtect is only vulnerable if telemetry is enabled. Telemetry is enabled by default, but as a "quick fix", you may want to disable telemetry. Palo Alto Threat Prevention subscribers can enable Threat ID 95187 to block the exploit.
Patch
A patch was made available late on April 14th. Consider expediting the patch, but some testing should be performed to mitigate the risk of a "rushed out" patch.
[1] https://security.paloaltonetworks.com/CVE-2024-3400
[2] https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400
Malicious PDF File Used As Delivery Mechanism (2024.04.17)
https://isc.sans.edu/diary/Malicious+PDF+File+Used+As+Delivery+Mechanism/30848/
Rolling Back Packages on Ubuntu/Debian (2024.04.16)
https://isc.sans.edu/diary/Rolling+Back+Packages+on+UbuntuDebian/30842/
Building a Live SIFT USB with Persistence (2024.04.12)
https://isc.sans.edu/diary/Building+a+Live+SIFT+USB+with+Persistence/30832/
Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness (2024.04.11)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Palo Alto Networks PAN-OS
CVSS Score: 10.0
** KEV since 2024-04-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3400
ISC Diary: https://isc.sans.edu/diary/30834
ISC Podcast: https://isc.sans.edu/podcastdetail/8938
NVD References:
- https://security.paloaltonetworks.com/CVE-2024-3400
- https://unit42.paloaltonetworks.com/cve-2024-3400/
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
CVE-2024-24576 - Rust had a critical vulnerability in its standard library prior to version 1.77.2 on Windows, allowing attackers to execute arbitrary shell commands by bypassing escaping when invoking batch files with untrusted arguments.
Product: Rust
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24576
ISC Podcast: https://isc.sans.edu/podcastdetail/8934
NVD References:
- https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput
- https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg
- https://doc.rust-lang.org/std/process/struct.Command.html
- https://doc.rust-lang.org/std/process/struct.Command.html#method.arg
- https://doc.rust-lang.org/std/process/struct.Command.html#method.args
- https://github.com/rust-lang/rust/issues
- https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/
- https://www.rust-lang.org/policies/security
CVE-2024-20758 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier contain an Improper Input Validation vulnerability that could allow arbitrary code execution without user interaction, with a high attack complexity.
Product: Adobe Commerce
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20758
ISC Podcast: https://isc.sans.edu/podcastdetail/8934
NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html
CVE-2024-20759 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are vulnerable to stored Cross-Site Scripting (XSS) allowing high-privileged attackers to inject malicious scripts into form fields, potentially executing malicious JavaScript in victim browsers with high admin impact.
Product: Adobe Commerce
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20759
ISC Podcast: https://isc.sans.edu/podcastdetail/8934
NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html
CVE-2024-29990 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Product: Microsoft Azure Kubernetes Service
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29990
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990
CVE-2024-26234 - Proxy Driver Spoofing Vulnerability
Product: Microsoft Windows Server
CVSS Score: 6.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26234
ISC Podcast: https://isc.sans.edu/podcastdetail/8934
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234
CVE-2023-6318 through CVE-2023-6320 - LG webOS multiple vulnerabilities
Product: LG webOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6318
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6319
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6320
NVD References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
CVE-2023-41677 - Fortinet FortiProxy and FortiOS are vulnerable to unauthorized code execution through targeted social engineering attacks due to insufficiently protected credentials.
Product: Fortinet FortiProxy
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41677
ISC Podcast: https://isc.sans.edu/podcastdetail/8934
NVD References: https://fortiguard.com/psirt/FG-IR-23-493
CVE-2023-45590 - Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 is vulnerable to code injection attacks, enabling malicious execution of unauthorized code via visit to a malicious website.
Product: Fortinet FortiClientLinux
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45590
NVD References: https://fortiguard.com/psirt/FG-IR-23-087
CVE-2024-1813 - The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection up to version 2.11.0, allowing unauthenticated attackers to inject a PHP Object and potentially delete files, retrieve data, or execute code.
Product: WordPress Simple Job Board plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1813
NVD References:
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cve
CVE-2024-2804 - The Network Summary plugin for WordPress is vulnerable to SQL Injection through the 'category' parameter in …
Product: WordPress Network Summary plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2804
NVD References:
Product: MasterStudy LMS plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3136
NVD References:
Product: Sngrep
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3119
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3120
NVD References:
- https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f
- https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6
Product: Traccar
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31214
NVD References:
- https://github.com/traccar/traccar/blob/master/src/main/java/org/traccar/model/Device.java#L56
- https://github.com/traccar/traccar/commit/3fbdcd81566bc72e319ec05c77cf8a4120b87b8f
- https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9
Product: Plane open-source project management tool
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31461
NVD References:
- https://github.com/makeplane/plane/commit/4b0ccea1461b7ca38761dfe0d0f07c2f94425005
- https://github.com/makeplane/plane/commit/d887b780aea5efba3f3d28c47d7d83f8b3e1e21c
- https://github.com/makeplane/plane/pull/3323
- https://github.com/makeplane/plane/pull/3333
- https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6
CVE-2024-31465, CVE-2024-31981 through CVE-2024-31984, CVE-2024-31986 through CVE-2024-31988, CVE-2024-31996, CVE-2024-31997 - XWiki Platform multiple remote code execution vulnerabilities
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31465
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31981
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31982
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31983
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31984
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31986
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31987
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31988
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31996
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31997
NVD References:
- https://jira.xwiki.org/browse/XWIKI-21474
- https://jira.xwiki.org/browse/XWIKI-21337
- https://jira.xwiki.org/browse/XWIKI-21472
- https://jira.xwiki.org/browse/XWIKI-21411
- https://jira.xwiki.org/browse/XWIKI-21471
- https://jira.xwiki.org/browse/XWIKI-21416
- https://jira.xwiki.org/browse/XWIKI-21478
- https://jira.xwiki.org/browse/XWIKI-21424
- https://jira.xwiki.org/browse/XWIKI-21438
- https://jira.xwiki.org/browse/XWIKI-21335
CVE-2024-25912 - Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Product: Skymoonlabs MoveTo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25912
NVD References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve
CVE-2024-21508 - MySQL2 before 3.9.4 allows for Remote Code Execution through improper validation of supportBigNumbers and bigNumberStrings values in the readCodeFor function.
Product: MySQL2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21508
NVD References:
- https://blog.slonser.info/posts/mysql2-attacker-configuration/
- https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21
- https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805
- https://github.com/sidorares/node-mysql2/pull/2572
- https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4
- https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085
CVE-2023-51409 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted file upload with dangerous types from version n/a through 1.9.98.
Product: Jordy Meow ChatGPT Chatbot
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51409
NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-3704 - OpenGnsys product version 1.1.1d (Espeto) is vulnerable to SQL Injection, allowing attackers to inject malicious code and access sensitive database information.
Product: OpenGnsys
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3704
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys
CVE-2024-28878 - IO-1020 Micro ELD is vulnerable to code execution attacks due to downloading and running unverified code from nearby sources.
Product: IO-1020 Micro ELD
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28878
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01
CVE-2024-3765 - Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M are vulnerable to a critical manipulation vulnerability in the Sofia Service component, allowing for improper access controls and remote attacks.
Product: Xiongmai Sofia Service
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3765
NVD References:
- https://github.com/netsecfish/xiongmai_incorrect_access_control
- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py
- https://vuldb.com/?ctiid.260605
- https://vuldb.com/?id.260605
- https://vuldb.com/?submit.311903
CVE-2024-29836 & CVE-2024-29844 - Evolution Controller multiple vulnerabilities
Product: Evolution Networks Evolution Controller
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29836
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29844
NVD References: https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
CVE-2024-3777 - The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any u…
Product: Ai3 QbiBot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3777
NVD References: https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html
Product: Realtyna Organic IDX plugin
CVSS Score: 9.3
Product: WBSAirback 21.02.04
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3781
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
Product: Combodo iTop
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48710
NVD References:
- https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26
- https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc
Product: Kohya_ss
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32022
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32025
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32026
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32027
NVD References: https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1
NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-m6jq-7j4v-2fg3
NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c
NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-v5cm-33w8-xrj6
NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83
Product: Oracle Hospitality SimphonyCVSS Score: 9.8 - 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20997NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21010NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21014NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-21071 - Oracle Workflow in Oracle E-Business Suite versions 12.2.3-12.2.13 is susceptible to an easily exploitable vulnerability that allows a high privileged attacker to compromise the system and potentially impact additional products.Product: Oracle E-Business SuiteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21071NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-21082 - The Oracle BI Publisher product of Oracle Analytics (component: XML Services) has a critical vulnerability that can be exploited by an unauthenticated attacker with network access via HTTP to compromise and takeover Oracle BI Publisher.Product: Oracle BI PublisherCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21082NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-20670 - Outlook for Windows Spoofing VulnerabilityProduct: Microsoft OutlookCVSS Score: 8.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20670MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670CVE-2024-20678 - Remote Procedure Call Runtime Remote Code Execution VulnerabilityProduct: Microsoft Windows Operating SystemCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20678MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678CVE-2024-20688, CVE-2024-20689, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28896, CVE-2024-28920, CVE-2024-28925, CVE-2024-29061, & CVE-2024-29061 - Secure Boot Security Feature Bypass VulnerabilitiesProduct: Microsoft WindowsCVSS Scores: 7.1 - 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20688NVD: 
https://nvd.nist.gov/vuln/detail/CVE-2024-20689NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26175NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26180NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26189NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26194NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26240NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28896NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28920NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28925NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29061NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29062MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218 CVE-2024-21322 through CVE-2024-21324, 
CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution VulnerabilitiesProduct: Microsoft Defender for IoTCVSS Scores: 7.2 - 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055 CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote…
Product: Oracle BI Publisher
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21082
NVD References: https://www.oracle.com/security-alerts/cpuapr2024.html
Product: Microsoft Outlook
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20670
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670
Product: Microsoft Windows Operating SystemCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20678MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678CVE-2024-20688, CVE-2024-20689, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28896, CVE-2024-28920, CVE-2024-28925, CVE-2024-29061, & CVE-2024-29061 - Secure Boot Security Feature Bypass VulnerabilitiesProduct: Microsoft WindowsCVSS Scores: 7.1 - 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20688NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20689NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26175NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26180NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26189NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26194NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26240NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28896NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28920NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28925NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29061NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29062MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925MSFT Details: 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218 CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution VulnerabilitiesProduct: Microsoft Defender for IoTCVSS Scores: 7.2 - 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055 CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityProduct: Microsoft .NET Framework and Visual StudioCVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409CVE-2024-21447 - Windows Authentication Elevation of Privilege VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.8NVD: 
https://nvd.nist.gov/vuln/detail/CVE-2024-21447MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447CVE-2024-26158 - Microsoft Install Service Elevation of Privilege VulnerabilityProduct: Microsoft Install ServiceCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilitiesProduct: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP …
CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218
CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution Vulnerabilities
Product: Microsoft Defender for IoT
CVSS Scores: 7.2 - 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055
CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Product: Microsoft .NET Framework and Visual Studio
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409
CVE-2024-21447 - Windows Authentication Elevation of Privilege Vulnerability
Product: Microsoft Windows
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21447
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447
CVE-2024-26158 - Microsoft Install Service Elevation of Privilege Vulnerability
Product: Microsoft Install Service
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158
CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities
Product: Microsoft Windows Routing and Remote Access Service (RRAS)
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205
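CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP Server Service Remote Code Execution Vulnerabilities
Product: Microsoft DHCP Server Service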
CVSS Score: 7.2 - 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26195
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26202
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26215
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215
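CVE-2024-26208 & CVE-2024-26232 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerabilities
Product: Microsoft Message Queuing (MSMQ)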
CVSS Scores: 7.2 - 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26208
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26232
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232
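CVE-2024-26210 & CVE-2024-26244 - Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerabilities
Product: Microsoft WDAC OLE DB Provider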
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26210
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26244
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244
CVE-2024-26214 - Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
Product: Microsoft SQL Server ODBC Driver
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26214
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214
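CVE-2024-26216 - Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Product: Microsoft Windows File Server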
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26216
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216
CVE-2024-26219 - HTTP.sys Denial of Service Vulnerability
Product: Microsoft HTTP.sys
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26219
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219
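CVE-2024-26221 through CVE-2024-26224, CVE-2024-26227 - Windows DNS Server Remote Code Execution Vulnerabilities
Product: Windows DNS Server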
CVSS Score: 7.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26221
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26222
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26223
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26224
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26227
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227
CVE-2024-26231 & CVE-2024-26233 - Windows DNS Server Remote Code Execution Vulnerability
Product: Microsoft Windows DNS Server
CVSS Score: 7.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26231
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26233
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233
CVE-2024-26228 - Windows Cryptographic Services Security Feature Bypass Vulnerability
Product: Microsoft Windows Cryptographic Services
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26228
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228
CVE-2024-26229 - Windows CSC Service Elevation of Privilege Vulnerability
Product: Windows CSC Service
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26229
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229
Product: Microsoft Windows Update Stack
CVSS Score: 7.0 - 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26235
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26236
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26235
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236
Product: Microsoft Windows Defender
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26237
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26237
Product: Microsoft Windows Telephony Server
CVSS Scores: 7.0 - 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26230
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26239
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26242
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26242
Product: Microsoft Win32k
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26241
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241
Product: Windows USB Print Driver
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26243
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26243
Product: Microsoft Windows SMB
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26245
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26245
Product: Microsoft Windows Kerberos
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26248
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248
Product: Microsoft Virtual Machine Bus (VMBus)
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26254
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254
Product: libarchive
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26256
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256
Product: Microsoft Excel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26257
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257
Product: Microsoft Brokering File System
CVSS Scores: 7.0 - 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26213
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28904
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28905
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28907
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26213
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907
Product: Microsoft ODBC Driver for SQL Server
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28929
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28930
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28931
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28932
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28933
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28934
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28935
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28936
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28937
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28938
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28941
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28943
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29043
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043
Product: Microsoft OLE DB Driver for SQL Server
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28939
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28940
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28942
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28944
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28945
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29044
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29045
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29046
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29047
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29048
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048
Product: Microsoft Windows Remote Access Connection Manager
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26211
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211
Product: Microsoft Windows Cryptographic Services
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29050
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29050
Product: Microsoft Windows Storage
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29052
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052
Product: Azure AI Search
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29063
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063
Product: Microsoft Windows Distributed File System (DFS)
CVSS Score: 7.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29066
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29066
Product: Microsoft SmartScreen Prompt
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29988
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988
Product: Microsoft Azure Monitor Agent
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29989
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989
Product: Microsoft Azure CycleCloud
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29993
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993
Product: Lenovo Windows 7 and 8
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23593
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23593
Unlock the Secrets of AI Code Security! Did you know that less than 10% of organizations automate most security scanning, while a staggering 80% of developers sidestep AI code security policies? The takeaway? Enhanced security measures, automation, and education are crucial to mitigate these risks. Dive into Snyk's AI Code Security Report for deeper insights.
SANS 2024 CTI Survey: Managing the Evolving Threat Landscape | May 22 | Join us to learn how the CTI discipline has evolved in the past year: how CTI analysts kept up with the ever-changing threat landscape, how they view emerging threats (adversary use of AI), and how technology enablement improves efficiency.
Do You Know Where Your Data Is? | April 25 at 1:00pm ET | Tune in as we dive into the results and key findings of our Endpoint Data Survey. Our presenters will provide insight into the strategies that organizations are using to protect against the loss of such data.
Unleashing Secure Access with an Identity-Centric Zero Trust Network Access Solution: Microsoft Entra Private Access | May 1 at 3:30 pm ET | Join us to explore how you can enable secure access to any app or resource, from anywhere using Microsoft’s identity-centric Security Service Edge solution.