Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2024-26199: Microsoft Office Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

Microsoft Security Response Center
#vulnerability#microsoft#auth#Microsoft Office#Security Vulnerability
CVE-2024-21441: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2024-21430: Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms.

CVE-2024-20671: Microsoft Defender Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting.

Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

Numbas Remote Code Execution

Numbas versions prior to 7.3 suffer from a remote code execution vulnerability.

Sitecore 8.2 Remote Code Execution

Sitecore version 8.2 suffers from a remote code execution vulnerability.

Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read

Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.

Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution

Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.

WordPress Duplicator Data Exposure / Account Takeover

WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover.