Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

**The following mitigating factors might be helpful in your situation:** This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#auth#Reliable Multicast Transport Driver (RMCAST)#Security Vulnerability
CVE-2024-38142: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38141: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38136: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38135: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

GHSA-rxff-vr5r-8cj5: Path traveral in Streamlit on windows

### 1. Impacted Products Streamilt Open Source versions before 1.37.0. ### 2. Introduction Snowflake Streamlit open source addressed a security vulnerability via the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files). The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows. ### 3. Path Traversal Vulnerability #### 3.1 Description On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of [5.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) #### 3.2 Scenarios and attack vector(s) Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerabi...

Computer Laboratory Management 1.0 SQL Injection

Computer Laboratory Management version 1.0 suffers from a remote authenticated SQL injection vulnerability.

Gas Agency Management 2022 Cross Site Request Forgery

Gas Agency Management version 2022 suffers from a cross site request forgery vulnerability.

Garden Gate 2.6 SQL Injection

Garden Gate version 2.6 suffers from a remote SQL injection vulnerability.