Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-43638: Windows USB Video Class System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows USB Video Driver#Security Vulnerability
CVE-2024-43630: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.

CVE-2024-43623: Windows NT OS Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43530: Windows Update Stack Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43613: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role.

CVE-2024-49042: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with the administrator role of "azure\_pg\_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.

CVE-2024-10827: Chromium: CVE-2024-10827 Use after free in Serial

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

CVE-2024-10826: Chromium: CVE-2024-10826 Use after free in Family Experiences

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92