Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. "Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz," Dr. Mordechai Guri, the head of

The Hacker News
Open in Source
#vulnerability#android#windows#auth#The Hacker News
Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets

A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.

CVE-2024-38260: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-38263: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-37335: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

CVE-2024-37966: Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

CVE-2024-37338: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

CVE-2024-38018: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

CVE-2024-26191: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.

CVE-2024-26186: Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an authenticated attacker to leverage SQL Server Native Scoring to apply pre-trained models to their data without moving it out of the database.