Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2024-26193: Azure Migrate Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is Adjacent (AV:A), the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?** An authenticated attacker would need to have access to a proxy server created in the same or in an accessible network of the Appliance.

Microsoft Security Response Center
Open in Source
#vulnerability#rce#auth#Azure Migrate#Security Vulnerability
CVE-2024-21447: Windows Authentication Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-29988: SmartScreen Prompt Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user needs to be tricked into running malicious files.

CVE-2024-23594: Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-20665: BitLocker Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-26180: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-26175: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-26171: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-26168: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.