Tag
#auth
**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms.
**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting.
Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.
Numbas versions prior to 7.3 suffer from a remote code execution vulnerability.
Sitecore version 8.2 suffers from a remote code execution vulnerability.
Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.
Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.
WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover.