Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-39684: Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

Microsoft Security Response Center
Open in Source
#vulnerability#js#git#Active Directory Rights Management Services#Security Vulnerability
CVE-2024-38105: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2024-38101: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2024-38099: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to possess advanced reverse engineering skills to identify and gain unauthorized access to specific remote procedure call (RPC) endpoints.

CVE-2024-38078: Xbox Wireless Adapter Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

CVE-2024-38094: Microsoft SharePoint Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability?** An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

CVE-2024-38092: Azure CycleCloud Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.

CVE-2024-38081: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38079: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38089: Microsoft Defender for IoT Elevation of Privilege Vulnerability

The following mitigating factor might be helpful in your situation: Consider upgrading to Defender for IoT version 24.1.4 or newer.