Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400

Published: 2024-04-16

Last Updated: 2024-04-16 21:14:12 UTC

by Johannes Ullrich (Version: 1)

The Palo Alto Networks vulnerability has been analyzed in depth by various sources, and exploits are now public.

We have gotten several reports of exploits being attempted against GlobalProtect installs. In addition, we see scans for the GlobalProtect login page, but these scans predated the exploit. VPN gateways have always been the target of exploits like brute forcing or credential stuffing attacks. ...

The exploit takes advantage of a path traversal vulnerability. The session ID ("SESSID" cookie) creates a file. This vulnerability can create a file in a telemetry directory, and the content will be executed (see the watchTowr blog for more details).
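As an added illustration (not code from the diary or from Palo Alto Networks), the sketch below flags "SESSID" cookie values in captured request headers that look like file paths rather than session tokens. The allowlist for a legitimate session ID and the (source IP, Cookie header) record shape are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate session ID is a short token of letters, digits and
# hyphens. Adjust to whatever your gateway actually issues.
SAFE_SESSID = re.compile(r"[A-Za-z0-9-]{1,128}")


def parse_cookie_header(header):
    """Split a Cookie header value into (name, value) pairs, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name.strip(), value.strip().strip('"')))
    return pairs


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_sessid(value):
    """Return the reasons a SESSID value is suspicious; an empty list means clean."""
    reasons = []
    decoded = decode_fully(value)
    if "/" in decoded or "\\" in decoded:
        reasons.append("path-separator")
    if ".." in decoded:
        reasons.append("dot-dot")
    if not SAFE_SESSID.fullmatch(decoded):
        reasons.append("outside-allowlist")
    return reasons


def scan(records):
    """records: iterable of (source_ip, cookie_header). Returns a list of findings."""
    findings = []
    for src, header in records:
        for name, value in parse_cookie_header(header):
            if name != "SESSID":
                continue
            reasons = classify_sessid(value)
            if reasons:
                findings.append({"src": src, "value": value, "reasons": reasons})
    return findings


# Constructed sample input: documentation IP ranges and placeholder file names.
SAMPLE = [
    ("192.0.2.10", "SESSID=3f9c2a7e-41b6-4d0a-9c55-0e1f2a3b4c5d"),
    ("198.51.100.7", "SESSID=/../../../tmp/placeholder.txt"),
    ("198.51.100.7", "lang=en; SESSID=..%2f..%2fplaceholder"),
    ("203.0.113.5", "SESSID=%252e%252e%252fplaceholder"),
    ("192.0.2.11", "other=1; theme=dark"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding["src"], finding["reasons"], repr(finding["value"]))
```

Any hit is a reason to review the device itself, since a request that reached the gateway before the hotfix or the telemetry workaround may already have created a file.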

Read the full entry:

https://isc.sans.edu/diary/Palo+Alto+Networks+GlobalProtect+exploit+public+and+widely+exploited+CVE20243400/30844/

Quick Palo Alto Networks Global Protect Vulnerability Update (CVE-2024-3400)

Published: 2024-04-15

Last Updated: 2024-04-15 23:56:55 UTC

by Johannes Ullrich (Version: 1)

This is a quick update to our initial diary from this weekend [CVE-2024-3400].

At this point, we are not aware of a public exploit for this vulnerability. The widely shared GitHub exploit is almost certainly fake.

As promised, Palo Alto delivered a hotfix for affected versions on Sunday (close to midnight Eastern Time).

One of our readers, Mark, observed attacks attempting to exploit the vulnerability from two IP addresses:

* An Akamai/Linode IP address. We do not have any reports from this IP address. Shodan suggests that the system may have recently hosted a WordPress site.

* A system in Singapore that has been actively scanning various ports in March and April.

According to Mark, the countermeasure of disabling telemetry worked. The attacks were directed at various GlobalProtect installs, missing recently deployed instances. This could be due to the attacker using a slightly outdated target list.

Please let us know if you observe any additional attacks or if you come across exploits for this vulnerability.

Read the full entry:

https://isc.sans.edu/diary/Quick+Palo+Alto+Networks+Global+Protect+Vulnerablity+Update+CVE20243400/30838/

Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)

Published: 2024-04-13

Last Updated: 2024-04-15 12:28:02 UTC

by Johannes Ullrich (Version: 1)

On Friday, Palo Alto Networks released an advisory warning users of Palo Alto's Global Protect product of a vulnerability that has been exploited since March [1].

Volexity discovered the vulnerability after one of its customers was compromised [2]. The vulnerability allows for arbitrary code execution. A GitHub repository claimed to include an exploit (it has been removed by now). But the exploit may have been a fake and not the actual exploit. It appeared a bit too simplistic (hopefully). I had no chance to test it.

Assume Compromise

According to Volexity, exploit attempts for this vulnerability were observed as early as March 26th.

Workarounds

GlobalProtect is only vulnerable if telemetry is enabled. Telemetry is enabled by default, but as a "quick fix", you may want to disable telemetry. Palo Alto Threat Prevention subscribers can enable Threat ID 95187 to block the exploit.

Patch

A patch was made available late on April 14th. Consider expediting the patch, but some testing should be performed to mitigate the risk of a "rushed out" patch.

[1] https://security.paloaltonetworks.com/CVE-2024-3400

[2] https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400

Read the full entry:

https://isc.sans.edu/diary/Critical+Palo+Alto+GlobalProtect+Vulnerability+Exploited+CVE20243400/30834/

Internet Storm Center Entries


Malicious PDF File Used As Delivery Mechanism (2024.04.17)

https://isc.sans.edu/diary/Malicious+PDF+File+Used+As+Delivery+Mechanism/30848/

Rolling Back Packages on Ubuntu/Debian (2024.04.16)

https://isc.sans.edu/diary/Rolling+Back+Packages+on+UbuntuDebian/30842/

Building a Live SIFT USB with Persistence (2024.04.12)

https://isc.sans.edu/diary/Building+a+Live+SIFT+USB+with+Persistence/30832/

Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness (2024.04.11)

https://isc.sans.edu/diary/Evolution+of+Artificial+Intelligence+Systems+and+Ensuring+Trustworthiness/30828/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-3400 - Palo Alto Networks PAN-OS software is vulnerable to a command injection issue in the GlobalProtect feature, allowing unauthenticated attackers to execute arbitrary code with root privileges on the firewall.

Product: Palo Alto Networks PAN-OS

CVSS Score: 10.0

** KEV since 2024-04-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3400

ISC Diary: https://isc.sans.edu/diary/30834

ISC Podcast: https://isc.sans.edu/podcastdetail/8938

NVD References:

- https://security.paloaltonetworks.com/CVE-2024-3400

- https://unit42.paloaltonetworks.com/cve-2024-3400/

- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

CVE-2024-24576 - Rust had a critical vulnerability in its standard library prior to version 1.77.2 on Windows, allowing attackers to execute arbitrary shell commands by bypassing escaping when invoking batch files with untrusted arguments.

Product: Rust

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24576

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References:

- https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput

- https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg

- https://doc.rust-lang.org/std/process/struct.Command.html

- https://doc.rust-lang.org/std/process/struct.Command.html#method.arg

- https://doc.rust-lang.org/std/process/struct.Command.html#method.args

- https://github.com/rust-lang/rust/issues

- https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/

- https://www.rust-lang.org/policies/security

CVE-2024-20758 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier contain an Improper Input Validation vulnerability that could allow arbitrary code execution without user interaction, with a high attack complexity.

Product: Adobe Commerce

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20758

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html

CVE-2024-20759 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are vulnerable to stored Cross-Site Scripting (XSS) allowing high-privileged attackers to inject malicious scripts into form fields, potentially executing malicious JavaScript in victim browsers with high admin impact.

Product: Adobe Commerce

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20759

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html

CVE-2024-29990 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Product: Microsoft Azure Kubernetes Service

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29990

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990

CVE-2024-26234 - Proxy Driver Spoofing Vulnerability

Product: Microsoft Windows Server

CVSS Score: 6.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26234

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234

CVE-2023-6318 through CVE-2023-6320 - LG webOS multiple vulnerabilities

Product: LG webOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6318

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6319

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6320

NVD References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

CVE-2023-41677 - Fortinet FortiProxy and FortiOS are vulnerable to unauthorized code execution through targeted social engineering attacks due to insufficiently protected credentials.

Product: Fortinet FortiProxy

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41677

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://fortiguard.com/psirt/FG-IR-23-493

CVE-2023-45590 - Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 is vulnerable to code injection attacks, enabling malicious execution of unauthorized code via visit to a malicious website.

Product: Fortinet FortiClientLinux

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45590

NVD References: https://fortiguard.com/psirt/FG-IR-23-087

CVE-2024-1813 - The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection up to version 2.11.0, allowing unauthenticated attackers to inject a PHP Object and potentially delete files, retrieve data, or execute code.

Product: WordPress Simple Job Board plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1813

NVD References:

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cve

CVE-2024-2804 - The Network Summary plugin for WordPress is vulnerable to SQL Injection through the 'category' parameter in all versions up to 2.0.11, allowing unauthenticated attackers to access sensitive database information.

Product: WordPress Network Summary plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2804

NVD References:

- https://plugins.trac.wordpress.org/browser/network-summary/trunk/includes/class-network-summary.php#L225

- https://www.wordfence.com/threat-intel/vulnerabilities/id/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=cve

CVE-2024-3136 - The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion up to version 3.3.3, allowing unauthenticated attackers to execute arbitrary files on the server.

Product: MasterStudy LMS plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3136

NVD References:

- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php

- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve

CVE-2024-3119 & CVE-2024-3120 - Sngrep buffer overflow vulnerabilities

Product: Sngrep

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3119

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3120

NVD References:

- https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f

- https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6

- https://github.com/irontec/sngrep/releases/tag/v1.8.1

- https://pentraze.com/vulnerability-reports/

CVE-2024-31214 - Traccar versions 5.1 through 5.12 are vulnerable to arbitrary file upload, allowing attackers full control over file contents, directory, extension, and partial control over file name, potentially leading to various attacks, with version 6.0 containing a fix for the issue.

Product: Traccar

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31214

NVD References:

- https://github.com/traccar/traccar/blob/master/src/main/java/org/traccar/model/Device.java#L56

- https://github.com/traccar/traccar/blob/v5.12/src/main/java/org/traccar/api/resource/DeviceResource.java#L191

- https://github.com/traccar/traccar/commit/3fbdcd81566bc72e319ec05c77cf8a4120b87b8f

- https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9

CVE-2024-31461 - Plane has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev, allowing attackers to send arbitrary requests and potentially gain unauthorized access to internal systems.

Product: Plane open-source project management tool

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31461

NVD References:

- https://github.com/makeplane/plane/commit/4b0ccea1461b7ca38761dfe0d0f07c2f94425005

- https://github.com/makeplane/plane/commit/d887b780aea5efba3f3d28c47d7d83f8b3e1e21c

- https://github.com/makeplane/plane/pull/3323

- https://github.com/makeplane/plane/pull/3333

- https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6

CVE-2024-31465, CVE-2024-31981 through CVE-2024-31984, CVE-2024-31986 through CVE-2024-31988, CVE-2024-31996, CVE-2024-31997 - XWiki Platform multiple remote code execution vulnerabilities

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31465

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31981

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31982

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31983

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31984

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31986

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31987

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31988

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31996

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31997

NVD References:

- https://jira.xwiki.org/browse/XWIKI-21474

- https://jira.xwiki.org/browse/XWIKI-21337

- https://jira.xwiki.org/browse/XWIKI-21472

- https://jira.xwiki.org/browse/XWIKI-21411

- https://jira.xwiki.org/browse/XWIKI-21471

- https://jira.xwiki.org/browse/XWIKI-21416

- https://jira.xwiki.org/browse/XWIKI-21478

- https://jira.xwiki.org/browse/XWIKI-21424

- https://jira.xwiki.org/browse/XWIKI-21438

- https://jira.xwiki.org/browse/XWIKI-21335

CVE-2024-25912 - Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.

Product: Skymoonlabs MoveTo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25912

NVD References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve

CVE-2024-21508 - MySQL2 before 3.9.4 allows for Remote Code Execution through improper validation of supportBigNumbers and bigNumberStrings values in the readCodeFor function.

Product: MySQL2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21508

NVD References:

- https://blog.slonser.info/posts/mysql2-attacker-configuration/

- https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21

- https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805

- https://github.com/sidorares/node-mysql2/pull/2572

- https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4

- https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085

CVE-2023-51409 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted file upload with dangerous types from version n/a through 1.9.98.

Product: Jordy Meow ChatGPT Chatbot

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51409

NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-3704 - OpenGnsys product version 1.1.1d (Espeto) is vulnerable to SQL Injection, allowing attackers to inject malicious code and access sensitive database information.

Product: OpenGnsys

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3704

NVD References:

- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys

CVE-2024-28878 - IO-1020 Micro ELD is vulnerable to code execution attacks due to downloading and running unverified code from nearby sources.

Product: IO-1020 Micro ELD

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28878

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01

CVE-2024-3765 - Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M are vulnerable to a critical manipulation vulnerability in the Sofia Service component, allowing for improper access controls and remote attacks.

Product: Xiongmai Sofia Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3765

NVD References:

- https://github.com/netsecfish/xiongmai_incorrect_access_control

- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py

- https://vuldb.com/?ctiid.260605

- https://vuldb.com/?id.260605

- https://vuldb.com/?submit.311903

CVE-2024-29836 & CVE-2024-29844 - Evolution Controller multiple vulnerabilities

Product: Evolution Networks Evolution Controller

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29836

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29844

NVD References: https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html

CVE-2024-3777 - The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

Product: Ai3 QbiBot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3777

NVD References: https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html

CVE-2024-32128 - Realtyna Organic IDX plugin versions n/a through 4.14.4 are affected by an SQL Injection vulnerability.

Product: Realtyna Organic IDX plugin

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32128

NVD References: https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-3781 - WBSAirback 21.02.04 is susceptible to command injection through Active Directory integration, enabling unauthorized modification of commands sent to downstream components.

Product: WBSAirback 21.02.04

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3781

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

CVE-2023-48710 - iTop's vulnerability allows unauthorized access to files in the `env-production` folder, potentially exposing sensitive information from third-party modules, but has been fixed in versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0.

Product: Combodo iTop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48710

NVD References:

- https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26

- https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc

CVE-2024-32022, CVE-2024-32025 through CVE-2024-32027 - Kohya_ss multiple command injection vulnerabilities

Product: Kohya_ss

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32022

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32025

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32026

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32027

NVD References: https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-m6jq-7j4v-2fg3

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-v5cm-33w8-xrj6

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83

CVE-2024-20997, CVE-2024-21010, CVE-2024-21014 - Oracle Hospitality Simphony multiple vulnerabilities

Product: Oracle Hospitality Simphony

CVSS Score: 9.8 - 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20997

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21010

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21014

NVD References: https://www.oracle.com/security-alerts/cpuapr2024.html

CVE-2024-21071 - Oracle Workflow in Oracle E-Business Suite versions 12.2.3-12.2.13 is susceptible to an easily exploitable vulnerability that allows a high privileged attacker to compromise the system and potentially impact additional products.

Product: Oracle E-Business Suite

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21071

NVD References: https://www.oracle.com/security-alerts/cpuapr2024.html

CVE-2024-21082 - The Oracle BI Publisher product of Oracle Analytics (component: XML Services) has a critical vulnerability that can be exploited by an unauthenticated attacker with network access via HTTP to compromise and takeover Oracle BI Publisher.

Product: Oracle BI Publisher

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21082

NVD References: https://www.oracle.com/security-alerts/cpuapr2024.html

CVE-2024-20670 - Outlook for Windows Spoofing Vulnerability

Product: Microsoft Outlook

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20670

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670

CVE-2024-20678 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

Product: Microsoft Windows Operating System

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20678

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678

CVE-2024-20688, CVE-2024-20689, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28896, CVE-2024-28920, CVE-2024-28925, CVE-2024-29061, & CVE-2024-29062 - Secure Boot Security Feature Bypass Vulnerabilities

Product: Microsoft Windows

CVSS Scores: 7.1 - 8.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20688

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20689

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26175

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26180

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26189

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26194

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26240

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28896

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28920

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28925

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29061

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29062

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062

CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Kernel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218

CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution Vulnerabilities

Product: Microsoft Defender for IoT

CVSS Scores: 7.2 - 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055

CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Product: Microsoft .NET Framework and Visual Studio

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409

CVE-2024-21447 - Windows Authentication Elevation of Privilege Vulnerability

Product: Microsoft Windows

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21447

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447

CVE-2024-26158 - Microsoft Install Service Elevation of Privilege Vulnerability

Product: Microsoft Install Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158

CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities

Product: Microsoft Windows Routing and Remote Access Service (RRAS)

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205

CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP Server Service Remote Code Execution Vulnerabilities

Product: Microsoft DHCP Server Service

CVSS Score: 7.2 - 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26195

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26202

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26212

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26215

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215

CVE-2024-26208 & CVE-2024-26232 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerabilities

Product: Microsoft Message Queuing (MSMQ)

CVSS Scores: 7.2 - 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26208

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26232

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232

CVE-2024-26210 & CVE-2024-26244 - Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerabilities

Product: Microsoft WDAC OLE DB Provider

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26210

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26244

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244

CVE-2024-26214 - Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft SQL Server ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214

CVE-2024-26216 - Windows File Server Resource Management Service Elevation of Privilege Vulnerability

Product: Microsoft Windows File Server

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26216

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216

CVE-2024-26219 - HTTP.sys Denial of Service Vulnerability

Product: Microsoft HTTP.sys

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26219

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219

CVE-2024-26221 through CVE-2024-26224, CVE-2024-26227 - Windows DNS Server Remote Code Execution Vulnerabilities

Product: Windows DNS Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26221

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26222

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26223

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26224

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26227

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227

CVE-2024-26231 & CVE-2024-26233 - Windows DNS Server Remote Code Execution Vulnerability

Product: Microsoft Windows DNS Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26231

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26233

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233

CVE-2024-26228 - Windows Cryptographic Services Security Feature Bypass Vulnerability

Product: Microsoft Windows Cryptographic Services

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26228

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228

CVE-2024-26229 - Windows CSC Service Elevation of Privilege Vulnerability

Product: Windows CSC Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26229

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229

CVE-2024-26235 & CVE-2024-26236 - Windows Update Stack Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Update Stack

CVSS Score: 7.0 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26235

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26236

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26235

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236

CVE-2024-26237 - Windows Defender Credential Guard Elevation of Privilege Vulnerability

Product: Microsoft Windows Defender

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26237

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26237

CVE-2024-26230, CVE-2024-26239, CVE-2024-26242 - Windows Telephony Server Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Telephony Server

CVSS Scores: 7.0 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26230

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26239

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26242

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26242

CVE-2024-26241 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Win32k

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26241

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241

CVE-2024-26243 - Windows USB Print Driver Elevation of Privilege Vulnerability

Product: Windows USB Print Driver

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26243

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26243

CVE-2024-26245 - Windows SMB Elevation of Privilege Vulnerability

Product: Microsoft Windows SMB

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26245

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26245

CVE-2024-26248 - Windows Kerberos Elevation of Privilege Vulnerability

Product: Microsoft Windows Kerberos

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26248

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248

CVE-2024-26254 - Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability

Product: Microsoft Virtual Machine Bus (VMBus)

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26254

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254

CVE-2024-26256 - libarchive Remote Code Execution Vulnerability

Product: libarchive

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26256

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256

CVE-2024-26257 - Microsoft Excel Remote Code Execution Vulnerability

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26257

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257

CVE-2024-26213, CVE-2024-28904, CVE-2024-28905, CVE-2024-28907 - Microsoft Brokering File System Elevation of Privilege Vulnerabilities

Product: Microsoft Brokering File System

CVSS Scores: 7.0 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26213

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28904

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28905

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28907

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26213

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907

CVE-2024-28929 through CVE-2024-28938, CVE-2024-28941, CVE-2024-28943, & CVE-2024-29043 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilities

Product: Microsoft ODBC Driver for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28929

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28930

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28931

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28932

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28933

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28934

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28935

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28936

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28937

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28938

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28941

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28943

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29043

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043

CVE-2024-28939, CVE-2024-28940, CVE-2024-28942, CVE-2024-28944, CVE-2024-28945, CVE-2024-29044 through CVE-2024-29048 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabilities

Product: Microsoft OLE DB Driver for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28939

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28940

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28942

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28944

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28945

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29044

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29045

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29046

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29047

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29048

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048

CVE-2024-26211 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Product: Microsoft Windows Remote Access Connection Manager

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26211

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211

CVE-2024-29050 - Windows Cryptographic Services Remote Code Execution Vulnerability

Product: Microsoft Windows Cryptographic Services

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29050

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29050

CVE-2024-29052 - Windows Storage Elevation of Privilege Vulnerability

Product: Microsoft Windows Storage

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29052

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052

CVE-2024-29063 - Azure AI Search Information Disclosure Vulnerability

Product: Azure AI Search

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29063

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063

CVE-2024-29066 - Windows Distributed File System (DFS) Remote Code Execution Vulnerability

Product: Microsoft Windows Distributed File System (DFS)

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29066

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29066

CVE-2024-29988 - SmartScreen Prompt Security Feature Bypass Vulnerability

Product: Microsoft SmartScreen Prompt

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29988

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988

CVE-2024-29989 - Azure Monitor Agent Elevation of Privilege Vulnerability

Product: Microsoft Azure Monitor Agent

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29989

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989

CVE-2024-29993 - Azure CycleCloud Elevation of Privilege Vulnerability

Product: Microsoft Azure CycleCloud

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29993

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993

CVE-2024-23593 - Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell

Product: Lenovo Windows 7 and 8

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23593

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23593