CVE-2024-38016: Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2024-43460: Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVE-2024-38183: GroupMe Elevation of Privilege Vulnerability

CVE-2024-8639: Chromium: CVE-2024-8639 Use after free in Autofill

CVE-2024-8638: Chromium: CVE-2024-8638 Type Confusion in V8

**According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?**

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

The privilege requirement is low because the attacker needs to be authenticated as a normal user.

Headline

CVE-2023-36415: Azure Identity SDK Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News