Report Name: Microsoft Patch Tuesday, July 2024
Generated: 2024-07-10 00:17:18

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product NamePrevalenceUCHMLAComment
Microsoft Message Queuing0.911Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
Windows Kernel0.911Windows Kernel
Windows NTLM0.911A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
Windows TCP/IP0.911Windows component
Windows Win32k0.922The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
.NET Core and Visual Studio0.811.NET Core and Visual Studio
BitLocker0.811A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista
Chromium0.862026Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Defender for IoT0.811Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
Microsoft Edge0.8145Web browser
Microsoft Office0.811Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Microsoft PowerShell0.833PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
Microsoft Windows Codecs Library0.822Windows component
Microsoft Windows Performance Data Helper Library0.833Windows component
Microsoft Windows Server Backup0.811Windows component
Secure Boot0.811920Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
Windows Cryptographic Services0.811Windows component
Windows Distributed Transaction Coordinator0.811Windows component
Windows Enroll Engine0.811Windows component
Windows Fax Service0.811Windows component
Windows File Explorer0.811Windows component
Windows Filtering Platform0.811Windows component
Windows Graphics Component0.8123Windows component
Windows Image Acquisition0.811Windows component
Windows Imaging Component0.811Windows component
Windows Kernel-Mode Driver0.811Windows component
Windows Layer-2 Bridge Network Driver0.8134Windows component
Windows Line Printer Daemon Service0.811Windows component
Windows LockDown Policy (WLDP)0.811Windows component
Windows MSHTML Platform0.811Windows component
Windows MultiPoint Services0.811Windows component
Windows Network Driver Interface Specification (NDIS)0.811Windows component
Windows Online Certificate Status Protocol (OCSP) Server0.833Windows component
Windows Remote Access Connection Manager0.822Windows component
Windows Remote Desktop Gateway (RD Gateway)0.811Windows component
Windows Remote Desktop Licensing Service0.8347Windows component
Windows Text Services Framework0.811Windows component
Windows Themes0.811Windows component
Windows Workstation Service0.811Windows component
Windows iSCSI Service0.811Windows component
.NET and Visual Studio0.722.NET and Visual Studio
Microsoft SharePoint0.711Microsoft SharePoint
Microsoft Outlook0.611Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
Windows Hyper-V0.611Hardware virtualization component of the client editions of Windows NT
.NET, .NET Framework, and Visual Studio0.511.NET, .NET Framework, and Visual Studio
Azure CycleCloud0.511Azure CycleCloud
Azure DevOps Server0.522Azure DevOps Server
Azure Kinect SDK0.511Azure Kinect SDK
Azure Network Watcher VM Extension0.511Azure Network Watcher VM Extension
CERT/CC: CVE-2024-3596 RADIUS Protocol0.511CERT/CC: CVE-2024-3596 RADIUS Protocol
DCOM Remote Cross-Session Activation0.511DCOM Remote Cross-Session Activation
DHCP Server Service0.511DHCP Server Service
Github: CVE-2024-38517 TenCent RapidJSON0.511Github: CVE-2024-38517 TenCent RapidJSON
Github: CVE-2024-39684 TenCent RapidJSON0.511Github: CVE-2024-39684 TenCent RapidJSON
Kernel Streaming WOW Thunk Service Driver0.533Kernel Streaming WOW Thunk Service Driver
Microsoft Dynamics 365 (On-Premises)0.511Microsoft Dynamics 365 (On-Premises)
Microsoft Edge for iOS0.511Microsoft Edge for iOS
Microsoft OLE DB Driver for SQL Server0.511Microsoft OLE DB Driver for SQL Server
Microsoft SharePoint Server0.533Microsoft SharePoint Server
Microsoft WS-Discovery0.511Microsoft WS-Discovery
Microsoft Xbox0.511Microsoft Xbox
SQL Server Native Client OLE DB Provider0.53737SQL Server Native Client OLE DB Provider
Xbox Wireless Adapter0.511Xbox Wireless Adapter
Microsoft Dataverse0.211Microsoft Dataverse
Unknown Product011Unknown Product


Vulnerability Types

Vulnerability TypeCriticalityUCHMLA
Remote Code Execution1.0135164
Security Feature Bypass0.942327
Elevation of Privilege0.8532326
Information Disclosure0.83178
Denial of Service0.71717
Memory Corruption0.52020
Spoofing0.4111012
Unknown Vulnerability Type011


Comments

SourceUCHMLA
MS PT Extended72633
Qualys1612120
Tenable134145
Rapid71517
ZDI1315


Vulnerabilities

Urgent (0)

Critical (1)

1. Spoofing - Windows MSHTML Platform (CVE-2024-38112) - Critical [635]

Description: Windows MSHTML Platform Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website
Exploit Exists | 0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit)
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. An attacker must send the victim a malicious file and convince the victim to execute it.

Tenable: Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)

Tenable: CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability

Tenable: CVE-2024-38112 is a spoofing vulnerability in Windows MSHTML. It was assigned a CVSSv3 score of 7.5 and is rated important. An unauthenticated, remote attacker could exploit this vulnerability by convincing a potential target to open a malicious file. Microsoft notes that in order to successfully exploit this flaw, an attacker would also need to take “additional actions” to “prepare the target environment.”

Rapid7: Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the vulnerabilities published today. At time of writing, none of the vulnerabilities patched today are listed in CISA’s Known Exploited Vulnerabilities catalog, though we can expect CVE-2024-38080 and CVE-2024-38112 to appear there in short order. Microsoft is also patching 5 critical remote code execution (RCE) vulnerabilities today.

Rapid7: The other vulnerability seen exploited in the wild this month is CVE-2024-38112, a Spoofing vulnerability affecting Microsoft’s MSHTML browser engine which can be found on all versions of Windows, including Server editions. User interaction is required for exploitation – for example, a threat actor would need to send the victim a malicious file and convince them to open it. Microsoft is characteristically cagey about what exactly can be spoofed here, though they do indicate that the associated Common Weakness Enumeration (CWE) is CWE-668: Exposure of Resource to Wrong Sphere, which is defined as providing unintended actors with inappropriate access to a resource.

ZDI: CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability. This bug is listed as “Spoofing” for the impact, but it’s not clear exactly what is being spoofed. Microsoft has used this wording in the past for NTLM relay attacks, but that seems unlikely here. Given the researcher who reported this to Microsoft, we’ll likely see additional analysis from them soon. The good news is that a user would need to click a link to be affected. The bad news is that users click anything.

High (22)

2. Elevation of Privilege - Windows Hyper-V (CVE-2024-38080) - High [561]

Description: Windows Hyper-V Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

Tenable: Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)

Tenable: CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability

Tenable: CVE-2024-38080 is an EoP vulnerability in Microsoft Windows Hyper-V virtualization product. It was assigned a CVSSv3 score of 7.8 and is rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges.

Rapid7: Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the vulnerabilities published today. At time of writing, none of the vulnerabilities patched today are listed in CISA’s Known Exploited Vulnerabilities catalog, though we can expect CVE-2024-38080 and CVE-2024-38112 to appear there in short order. Microsoft is also patching 5 critical remote code execution (RCE) vulnerabilities today.

Rapid7: CVE-2024-38080 is an elevation of privilege (EoP) vulnerability affecting Microsoft’s Hyper-V virtualization functionality. Successful exploitation will give an attacker SYSTEM-level privileges. Only more recent editions of Windows are affected; Windows 11 since version 21H2 and Windows Server 2022 (including Server Core).

ZDI: CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability. This vulnerability could allow an authenticated threat actor to execute code with SYSTEM privileges. While not specifically stated by Microsoft, let’s assume the worst-case scenario and say that an authorized user could be on a guest OS. Microsoft also does not state how widespread the exploitation is, but this exploit would prove quite useful for ransomware. If you’re running Hyper-V, test and deploy this update quickly.

3. Spoofing - CERT/CC: CVE-2024-3596 RADIUS Protocol (CVE-2024-3596) - High [452]

Description: CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-3596)
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.5 | 14 | CERT/CC: CVE-2024-3596 RADIUS Protocol
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

4. Information Disclosure - Microsoft Message Queuing (CVE-2024-38017) - High [450]

Description: Microsoft Message Queuing Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit)
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

5. Remote Code Execution - Chromium (CVE-2024-5836) - High [442]

Description: Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5836 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

6. Remote Code Execution - Chromium (CVE-2024-6100) - High [442]

Description: Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-6100 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

7. Remote Code Execution - Microsoft Edge (CVE-2024-34122) - High [430]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00053, EPSS Percentile is 0.21742

MS PT Extended: CVE-2024-34122 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

8. Remote Code Execution - Windows Remote Desktop Licensing Service (CVE-2024-38074) - High [430]

Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38074 & CVE-2024-38076: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability An attacker may send a specially crafted packet to a server set up as a Remote Desktop Licensing server. Successful exploitation of the vulnerability may lead to remote code execution.

Rapid7: Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month. CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.

9. Remote Code Execution - Windows Remote Desktop Licensing Service (CVE-2024-38076) - High [430]

Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38074 & CVE-2024-38076: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability An attacker may send a specially crafted packet to a server set up as a Remote Desktop Licensing server. Successful exploitation of the vulnerability may lead to remote code execution.

Rapid7: Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month. CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.

10. Remote Code Execution - Windows Remote Desktop Licensing Service (CVE-2024-38077) - High [430]

Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Services (RDS) licensing, also known as Remote Desktop Protocol (RDP) licensing, is a Windows component allowing users to control a remote computer over a network connection. RDS licensing is important when setting up RDS environments, and the Remote Desktop License Server is a critical element of this process. An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution.

Rapid7: Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month. CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.

ZDI: CVE-2024-38077 – Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. This is one of three Remote Desktop Licensing RCEs getting fixed this month, and all have a CVSS rating of 9.8. Exploitation of this should be straightforward, as any unauthenticated user could execute their code simply by sending a malicious message to an affected server. As a temporary workaround, you could disable the Licensing Service, but if you’re running it, you likely need it. I would also ensure these servers are not addressable to the Internet. If a bunch of these servers are Internet-connected, I would expect exploitation soon. Now is also a good time to audit your servers to ensure they aren’t running any unnecessary services.

11. Security Feature Bypass - Chromium (CVE-2024-5843) - High [425]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2203

MS PT Extended: CVE-2024-5843 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

12. Security Feature Bypass - Chromium (CVE-2024-6101) - High [425]

Description: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-6101 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

13. Elevation of Privilege - Azure CycleCloud (CVE-2024-38092) - High [423]

Description: Azure CycleCloud Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit)
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Azure CycleCloud
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

14. Remote Code Execution - Microsoft Office (CVE-2024-38021) - High [419]

Description: Microsoft Office Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38024 & CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context. CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution. CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38099 is the denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

Tenable: CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability

Tenable: CVE-2024-38021 is a RCE vulnerability affecting Microsoft Office 2016. This vulnerability was assigned a CVSSv3 score of 8.8 and rated as “Exploitation More Likely.” Successful exploitation would allow an attacker to gain elevated privileges, including write, read and delete functionality. Microsoft notes that exploitation requires an attacker to create a malicious link that can bypass Protected View Protocol. Based on Microsoft’s description, an attacker would have to entice a user into clicking the link, likely by sending it to an unsuspecting user in a phishing attack. This would result in the attacker gaining access to local NTLM credential information which could be utilized for elevated access to achieve RCE.

15. Remote Code Execution - Windows Fax Service (CVE-2024-38104) - High [419]

Description: Windows Fax Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

16. Remote Code Execution - Windows Imaging Component (CVE-2024-38060) - High [419]

Description: Windows Imaging Component Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38060: Microsoft Windows Codecs Library Remote Code Execution Vulnerability The Microsoft Windows Codecs Library is a collection of codecs that Windows Media Player and other apps use to play and create media files. Codecs can comprise two parts: an encoder that compresses the media file and a decoder that decompresses it. An authenticated attacker may exploit the vulnerability by uploading a malicious TIFF file to a server.

Tenable: CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability

Tenable: CVE-2024-38060 is a RCE vulnerability affecting the Windows Imaging Component, a framework used for processing images. Microsoft rates this vulnerability as “Exploitation More Likely” and assigned a CVSSv3 score of 8.8 as well as a critical severity rating. Exploitation of this flaw requires an attacker to be authenticated and utilize this access in order to upload a malicious Tag Image File Format (TIFF) file, an image type used for graphics.

Rapid7: All supported versions of Windows (and almost certainly unsupported versions as well) are vulnerable to CVE-2024-38060, a flaw in the Windows Imaging Component related to TIFF (Tagged Image File Format) image processing that could allow an attacker to execute arbitrary code on a system. The example scenario Microsoft provides is simply of an authenticated attacker uploading a specially crafted TIFF image to a server in order to exploit this.

ZDI: CVE-2024-38060 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability. This bug does require the attacker to be authenticated, but any authenticated user could abuse it. It simply requires an authenticated user to upload a specially crafted TIFF image to an affected system. This would be a nifty method for lateral movement once an initial foothold has been achieved. There are no workarounds either, so test and deploy the patch quickly.

17. Remote Code Execution - Windows Layer-2 Bridge Network Driver (CVE-2024-38053) - High [419]

Description: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

18. Remote Code Execution - Windows MultiPoint Services (CVE-2024-30013) - High [419]

Description: Windows MultiPoint Services Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

19. Elevation of Privilege - Azure Network Watcher VM Extension (CVE-2024-35261) - High [411]

Description: Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit)
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Azure Network Watcher VM Extension
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

20. Remote Code Execution - Chromium (CVE-2024-5834) - High [407]

Description: Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.6. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00052, EPSS Percentile is 0.20495

MS PT Extended: CVE-2024-5834 was published before the July 2024 Patch Tuesday, between 2024-06-12 and 2024-07-08

21. Remote Code Execution - Windows Graphics Component (CVE-2024-38051) - High [407]

Description: Windows Graphics Component Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

22. Security Feature Bypass - Chromium (CVE-2024-5840) - High [401]

Description: Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2203

MS PT Extended: CVE-2024-5840 was published before the July 2024 Patch Tuesday, between 2024-06-12 and 2024-07-08

23. Security Feature Bypass - Secure Boot (CVE-2024-28899) - High [401]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Medium (151)

24. Elevation of Privilege - Windows Win32k (CVE-2024-38059) - Medium [397]

Description: Win32k Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights

CVE-2024-38024 & CVE-2024-38094 are remote code execution vulnerabilities in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context.

CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.

CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution.

CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.

CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

CVE-2024-38099 is a denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

Tenable: CVE-2024-38059 and CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability

Tenable: CVE-2024-38059 and CVE-2024-38066 are EoP vulnerabilities affecting Windows Win32k, a core kernel-side driver used in Windows. They were both assigned CVSSv3 scores of 7.8 and are rated as important. An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM. Microsoft rates these vulnerabilities as “Exploitation More Likely.”

25. Elevation of Privilege - Windows Win32k (CVE-2024-38066) - Medium [397]

Description: Windows Win32k Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

26. Remote Code Execution - Microsoft Windows Performance Data Helper Library (CVE-2024-38019) - Medium [395]

Description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

27. Remote Code Execution - Microsoft Windows Performance Data Helper Library (CVE-2024-38025) - Medium [395]

Description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

28. Remote Code Execution - Microsoft Windows Performance Data Helper Library (CVE-2024-38028) - Medium [395]

Description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

29. Remote Code Execution - Windows Distributed Transaction Coordinator (CVE-2024-38049) - Medium [395]

Description: Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

30. Information Disclosure - Windows TCP/IP (CVE-2024-38064) - Medium [393]

Description: Windows TCP/IP Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

31. Elevation of Privilege - Microsoft Defender for IoT (CVE-2024-38089) - Medium [392]

Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

32. Elevation of Privilege - Windows Text Services Framework (CVE-2024-21417) - Medium [392]

Description: Windows Text Services Framework Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

33. Remote Code Execution - .NET and Visual Studio (CVE-2024-35264) - Medium [390]

Description: .NET and Visual Studio Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | .NET and Visual Studio
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability. An attacker must win a race condition to exploit the vulnerability. An attacker may exploit this vulnerability by closing an HTTP/3 stream while the request body is being processed, leading to a race condition. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems.

Tenable: CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability

Tenable: CVE-2024-35264 is an RCE vulnerability affecting .NET and Visual Studio. It was assigned a CVSSv3 score of 8.1 and is the third Microsoft zero-day vulnerability patched this month. While it was not exploited in the wild, details were made public prior to the release of a patch. According to the advisory, exploitation requires an attacker to win a race condition and the exploitability reflects this as it is rated as “Exploitation Less Likely.”

34. Security Feature Bypass - Secure Boot (CVE-2024-37969) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

35. Security Feature Bypass - Secure Boot (CVE-2024-37970) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

36. Security Feature Bypass - Secure Boot (CVE-2024-37971) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

37. Security Feature Bypass - Secure Boot (CVE-2024-37972) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

38. Security Feature Bypass - Secure Boot (CVE-2024-37973) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

39. Security Feature Bypass - Secure Boot (CVE-2024-37974) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

40. Security Feature Bypass - Secure Boot (CVE-2024-37975) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

41. Security Feature Bypass - Secure Boot (CVE-2024-37977) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

42. Security Feature Bypass - Secure Boot (CVE-2024-37978) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

43. Security Feature Bypass - Secure Boot (CVE-2024-37981) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

44. Security Feature Bypass - Secure Boot (CVE-2024-37984) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

45. Security Feature Bypass - Secure Boot (CVE-2024-37986) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

46. Security Feature Bypass - Secure Boot (CVE-2024-37987) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

47. Security Feature Bypass - Secure Boot (CVE-2024-37988) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

48. Security Feature Bypass - Secure Boot (CVE-2024-37989) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

49. Security Feature Bypass - Secure Boot (CVE-2024-38010) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

50. Security Feature Bypass - Secure Boot (CVE-2024-38011) - Medium [389]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

51. Security Feature Bypass - Windows Cryptographic Services (CVE-2024-30098) - Medium [389]

Description: Windows Cryptographic Services Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

52. Security Feature Bypass - Windows LockDown Policy (WLDP) (CVE-2024-38070) - Medium [389]

Description: Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

53. Elevation of Privilege - Microsoft PowerShell (CVE-2024-38043) - Medium [380]

Description: PowerShell Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

54. Elevation of Privilege - Microsoft PowerShell (CVE-2024-38047) - Medium [380]

Description: PowerShell Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

55. Elevation of Privilege - Windows File Explorer (CVE-2024-38100) - Medium [380]

Description: Windows File Explorer Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights
CVE-2024-38024 & CVE-2024-38094 are remote code execution vulnerabilities in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context.
CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.
CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution.
CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.
CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38099 is a denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

56. Elevation of Privilege - Windows Filtering Platform (CVE-2024-38034) - Medium [380]

Description: Windows Filtering Platform Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

57. Elevation of Privilege - Windows Graphics Component (CVE-2024-38079) - Medium [380]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

58. Elevation of Privilege - Windows Graphics Component (CVE-2024-38085) - Medium [380]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

59. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-38062) - Medium [380]

Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

60. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2024-30079) - Medium [380]

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

61. Elevation of Privilege - Windows Workstation Service (CVE-2024-38050) - Medium [380]

Description: Windows Workstation Service Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

62. Remote Code Execution - Microsoft SharePoint (CVE-2024-38094) - Medium [378]

Description: Microsoft SharePoint Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Microsoft SharePoint
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

63. Security Feature Bypass - BitLocker (CVE-2024-38058) - Medium [377]

Description: BitLocker Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

64. Security Feature Bypass - Secure Boot (CVE-2024-26184) - Medium [377]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

65. Security Feature Bypass - Secure Boot (CVE-2024-38065) - Medium [377]

Description: Secure Boot Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

66. Security Feature Bypass - Windows Enroll Engine (CVE-2024-38069) - Medium [377]

Description: Windows Enroll Engine Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

67. Information Disclosure - Windows Kernel (CVE-2024-38041) - Medium [369]

Description: Windows Kernel Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

68. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-37334) - Medium [369]

Description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft OLE DB Driver for SQL Server
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 8.8

69. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-20701) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

70. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21303) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

71. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21308) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

72. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21317) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

73. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21331) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

74. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21332) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

75. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21333) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

76. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21335) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

77. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21373) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

78. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21398) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

79. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21414) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

80. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21415) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

81. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21425) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

82. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21428) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

83. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-21449) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

84. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-28928) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | 8.8

85. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-35256) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-35256||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

86. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-35271) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-35271||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

87. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-35272) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-35272||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

88. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37318) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37318||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

89. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37319) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37319||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

90. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37320) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37320||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

91. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37321) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37321||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

92. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37322) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37322||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

93. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37323) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37323||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

94. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37324) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37324||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

95. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37326) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37326||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

96. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37327) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37327||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

97. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37328) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37328||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

98. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37329) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37329||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

99. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37330) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37330||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

100. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37331) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37331||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

101. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37332) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37332||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

102. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37333) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37333||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

103. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-37336) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-37336||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

104. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-38087) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-38087||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

105. Remote Code Execution - SQL Server Native Client OLE DB Provider (CVE-2024-38088) - Medium [369]

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | SQL Server Native Client OLE DB Provider
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Tenable: |CVE-2024-38088||SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability||8.8|

106. Elevation of Privilege - Microsoft PowerShell (CVE-2024-38033) - Medium [368]

Description: PowerShell Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

107. Elevation of Privilege - Microsoft Windows Server Backup (CVE-2024-38013) - Medium [368]

Description: Microsoft Windows Server Backup Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

108. Elevation of Privilege - Windows Image Acquisition (CVE-2024-38022) - Medium [368]

Description: Windows Image Acquisition Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

109. Remote Code Execution - Xbox Wireless Adapter (CVE-2024-38078) - Medium [357]

Description: Xbox Wireless Adapter Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Xbox Wireless Adapter
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

110. Denial of Service - .NET Core and Visual Studio (CVE-2024-30105) - Medium [353]

Description: .NET Core and Visual Studio Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | .NET Core and Visual Studio
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

111. Denial of Service - Windows Online Certificate Status Protocol (OCSP) Server (CVE-2024-38031) - Medium [353]

Description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

112. Denial of Service - Windows Online Certificate Status Protocol (OCSP) Server (CVE-2024-38067) - Medium [353]

Description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

113. Denial of Service - Windows Online Certificate Status Protocol (OCSP) Server (CVE-2024-38068) - Medium [353]

Description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

114. Denial of Service - Windows Remote Desktop Gateway (RD Gateway) (CVE-2024-38015) - Medium [353]

Description: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

115. Denial of Service - Windows Remote Desktop Licensing Service (CVE-2024-38071) - Medium [353]

Description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

116. Denial of Service - Windows Remote Desktop Licensing Service (CVE-2024-38072) - Medium [353]

Description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

117. Denial of Service - Windows Remote Desktop Licensing Service (CVE-2024-38073) - Medium [353]

Description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

118. Memory Corruption - Chromium (CVE-2024-5830) - Medium [353]

Description: Chromium: CVE-2024-5830 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5830 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

119. Memory Corruption - Chromium (CVE-2024-5831) - Medium [353]

Description: Chromium: CVE-2024-5831 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5831 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

120. Memory Corruption - Chromium (CVE-2024-5832) - Medium [353]

Description: Chromium: CVE-2024-5832 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5832 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

121. Memory Corruption - Chromium (CVE-2024-5833) - Medium [353]

Description: Chromium: CVE-2024-5833 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5833 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

122. Memory Corruption - Chromium (CVE-2024-5837) - Medium [353]

Description: Chromium: CVE-2024-5837 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5837 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

123. Memory Corruption - Chromium (CVE-2024-5838) - Medium [353]

Description: Chromium: CVE-2024-5838 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5838 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

124. Memory Corruption - Chromium (CVE-2024-5839) - Medium [353]

Description: Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2203

MS PT Extended: CVE-2024-5839 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

125. Memory Corruption - Chromium (CVE-2024-5841) - Medium [353]

Description: Chromium: CVE-2024-5841 Use after free in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5841 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

126. Memory Corruption - Chromium (CVE-2024-5844) - Medium [353]

Description: Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5844 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

127. Memory Corruption - Chromium (CVE-2024-5845) - Medium [353]

Description: Chromium: CVE-2024-5845 Use after free in Audio. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5845 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

128. Memory Corruption - Chromium (CVE-2024-5846) - Medium [353]

Description: Chromium: CVE-2024-5846 Use after free in PDFium. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5846 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

129. Memory Corruption - Chromium (CVE-2024-5847) - Medium [353]

Description: Chromium: CVE-2024-5847 Use after free in PDFium. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5847 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

130. Memory Corruption - Chromium (CVE-2024-6102) - Medium [353]

Description: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-6102 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

131. Memory Corruption - Chromium (CVE-2024-6103) - Medium [353]

Description: Chromium: CVE-2024-6103: Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-6103 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

132. Information Disclosure - Microsoft Windows Codecs Library (CVE-2024-38055) - Medium [352]

Description: Microsoft Windows Codecs Library Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

133. Information Disclosure - Microsoft Windows Codecs Library (CVE-2024-38056) - Medium [352]

Description: Microsoft Windows Codecs Library Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

134. Remote Code Execution - DHCP Server Service (CVE-2024-38044) - Medium [345]

Description: DHCP Server Service Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | DHCP Server Service
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

135. Remote Code Execution - Microsoft SharePoint Server (CVE-2024-38023) - Medium [345]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint Server
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-38023: Microsoft SharePoint Server Remote Code Execution Vulnerability. Microsoft SharePoint is a web-based document management and collaboration platform that helps share files, data, news, and resources. The application transforms business processes by providing simple sharing and seamless collaboration. An authenticated attacker with Site Owner permissions may exploit the vulnerability by uploading a specially crafted file to the targeted SharePoint Server and crafting specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute remote code in the SharePoint Server context.

Rapid7: Similar to a vulnerability seen in May, CVE-2024-38023 is a SharePoint vulnerability that could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to a SharePoint Server, then craft malicious API requests to trigger deserialization of the file's parameters, thus enabling them to achieve remote code execution in the context of the SharePoint Server. The CVSS base score of 7.2 reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.

ZDI: CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability also requires authentication, but any SharePoint user with Site Owner permissions can hit it. However, the default configuration of SharePoint allows authenticated users to create sites. That’s why I disagree with Microsoft’s CVSS rating here. By changing “Privileges Required” to low instead of high, it takes it from a 7.2 to (IMHO) more accurate 8.8. We blogged about this type of bug in the past. These types of bugs have been exploited in the past, so if you’re running SharePoint, don’t disregard or delay implementing this fix.

136. Remote Code Execution - Microsoft SharePoint Server (CVE-2024-38024) - Medium [345]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint Server
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38024 & CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context. CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution. CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. 
Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38099 is the denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

137. Remote Code Execution - Microsoft Xbox (CVE-2024-38032) - Medium [345]

Description: Microsoft Xbox Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft Xbox
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

138. Denial of Service - Windows Layer-2 Bridge Network Driver (CVE-2024-38101) - Medium [341]

Description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

139. Denial of Service - Windows Layer-2 Bridge Network Driver (CVE-2024-38102) - Medium [341]

Description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

140. Denial of Service - Windows Layer-2 Bridge Network Driver (CVE-2024-38105) - Medium [341]

Description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

141. Denial of Service - Windows Line Printer Daemon Service (CVE-2024-38027) - Medium [341]

Description: Windows Line Printer Daemon Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

142. Denial of Service - Windows Network Driver Interface Specification (NDIS) (CVE-2024-38048) - Medium [341]

Description: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

143. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-30071) - Medium [341]

Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

144. Memory Corruption - Chromium (CVE-2024-5842) - Medium [341]

Description: Chromium: CVE-2024-5842 Use after free in Browser UI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5842 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

145. Memory Corruption - Chromium (CVE-2024-6290) - Medium [341]

Description: Chromium: CVE-2024-6290 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.15765

MS PT Extended: CVE-2024-6290 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

146. Memory Corruption - Chromium (CVE-2024-6291) - Medium [341]

Description: Chromium: CVE-2024-6291 Use after free in Swiftshader. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.15765

MS PT Extended: CVE-2024-6291 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

147. Memory Corruption - Chromium (CVE-2024-6292) - Medium [341]

Description: Chromium: CVE-2024-6292 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.15765

MS PT Extended: CVE-2024-6292 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

148. Memory Corruption - Chromium (CVE-2024-6293) - Medium [341]

Description: Chromium: CVE-2024-6293 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.15765

MS PT Extended: CVE-2024-6293 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

149. Denial of Service - .NET and Visual Studio (CVE-2024-38095) - Medium [336]

Description: .NET and Visual Studio Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.7 | 14 | .NET and Visual Studio
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

150. Remote Code Execution - Azure Kinect SDK (CVE-2024-38086) - Medium [333]

Description: Azure Kinect SDK Remote Code Execution Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Azure Kinect SDK
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 6.4. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

151. Elevation of Privilege - DCOM Remote Cross-Session Activation (CVE-2024-38061) - Medium [330]

Description: DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | DCOM Remote Cross-Session Activation
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

152. Elevation of Privilege - Github: CVE-2024-38517 TenCent RapidJSON (CVE-2024-38517) - Medium [330]

Description: Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Github: CVE-2024-38517 TenCent RapidJSON
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

153. Elevation of Privilege - Github: CVE-2024-39684 TenCent RapidJSON (CVE-2024-39684) - Medium [330]

Description: Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Github: CVE-2024-39684 TenCent RapidJSON
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

154. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38052) - Medium [330]

Description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Kernel Streaming WOW Thunk Service Driver
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38024 & CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context. CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution. CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. 
Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38099 is the denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

155. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38054) - Medium [330]

Description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Kernel Streaming WOW Thunk Service Driver
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38024 & CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context. CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution. CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges. CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. 
Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38099 is the denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

156. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38057) - Medium [330]

Description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | Kernel Streaming WOW Thunk Service Driver
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

157. Remote Code Execution - Microsoft Dataverse (CVE-2024-35260) - Medium [330]

Description: Microsoft Dataverse Remote Code Execution Vulnerability. An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.2 | 14 | Microsoft Dataverse
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.0005, EPSS Percentile is 0.19467

MS PT Extended: CVE-2024-35260 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

158. Denial of Service - Windows Remote Desktop Licensing Service (CVE-2024-38099) - Medium [329]

Description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: Other Microsoft Vulnerability Highlights
CVE-2024-38024 & CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. This would enable the attacker to execute code remotely in the SharePoint Server context.
CVE-2024-38054 & CVE-2024-38052 are elevation of privilege vulnerabilities in the Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38059 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38085 is an elevation of privilege vulnerability in the Windows Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38100 is an elevation of privilege vulnerability in Windows File Explorer. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.
CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker may craft a malicious link to bypass the Protected View Protocol. An attacker may exploit the vulnerability to leak local NTLM credential information and perform remote code execution.
CVE-2024-38066 is an elevation of privilege vulnerability in Windows Win32k. Upon successful exploitation of the vulnerability, an attacker could gain administrator privileges.
CVE-2024-38079 is an elevation of privilege vulnerability in the Windows Graphics Component. An attacker must first log on to the system to exploit this vulnerability. An attacker could then run a specially crafted application to exploit the vulnerability and take control of an affected system. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CVE-2024-38099 is the denial-of-service vulnerability in Windows Remote Desktop Licensing Service. An attacker must deduce the necessary algorithm to exploit this vulnerability and gain unauthorized access to specific remote procedure call (RPC) endpoints.

159. Information Disclosure - Microsoft SharePoint Server (CVE-2024-32987) - Medium [326]

Description: Microsoft SharePoint Server Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.5 | 14 | Microsoft SharePoint Server
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

160. Elevation of Privilege - .NET, .NET Framework, and Visual Studio (CVE-2024-38081) - Medium [318]

Description: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.5 | 14 | .NET, .NET Framework, and Visual Studio
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

161. Denial of Service - Windows iSCSI Service (CVE-2024-35270) - Medium [317]

Description: Windows iSCSI Service Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

162. Information Disclosure - Microsoft Dynamics 365 (On-Premises) (CVE-2024-30061) - Medium [314]

Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.83 | 15 | Information Disclosure
Vulnerable Product is Common | 0.5 | 14 | Microsoft Dynamics 365 (On-Premises)
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

163. Spoofing - Windows NTLM (CVE-2024-30081) - Medium [304]

Description: Windows NTLM Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.9 | 14 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

164. Denial of Service - Microsoft WS-Discovery (CVE-2024-38091) - Medium [303]

Description: Microsoft WS-Discovery Denial of Service Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.5 | 14 | Microsoft WS-Discovery
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

165. Memory Corruption - Chromium (CVE-2024-5835) - Medium [294]

Description: Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption
Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.2. According to NVD data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00054, EPSS Percentile is 0.2209

MS PT Extended: CVE-2024-5835 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

166. Spoofing - Microsoft Edge (CVE-2024-30058) - Medium [288]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17143

MS PT Extended: CVE-2024-30058 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

167. Spoofing - Microsoft Edge (CVE-2024-38082) - Medium [288]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17143

MS PT Extended: CVE-2024-38082 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

168. Spoofing - Windows Themes (CVE-2024-38030) - Medium [288]

Description: Windows Themes Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

169. Spoofing - Microsoft Edge (CVE-2024-38083) - Medium [276]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17143

MS PT Extended: CVE-2024-38083 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

170. Spoofing - Microsoft Edge (CVE-2024-38093) - Medium [276]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.8 | 14 | Web browser
CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17143

MS PT Extended: CVE-2024-38093 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

171. Spoofing - Microsoft Outlook (CVE-2024-38020) - Medium [254]

Description: Microsoft Outlook Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

172. Spoofing - Azure DevOps Server (CVE-2024-35266) - Medium [250]

Description: Azure DevOps Server Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.5 | 14 | Azure DevOps Server
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

173. Spoofing - Azure DevOps Server (CVE-2024-35267) - Medium [250]

Description: Azure DevOps Server Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.5 | 14 | Azure DevOps Server
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

174. Spoofing - Microsoft Edge for iOS (CVE-2024-30057) - Medium [238]

Description: Microsoft Edge for iOS Spoofing Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing
Vulnerable Product is Common | 0.5 | 14 | Microsoft Edge for iOS
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source
EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.17143

MS PT Extended: CVE-2024-30057 was published before July 2024 Patch Tuesday from 2024-06-12 to 2024-07-08

Low (1)

175. Unknown Vulnerability Type - Unknown Product (CVE-2024-37985) - Low [71]

Description: Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers (Microsoft data source). Vulners data source: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Component | Value | Weight | Comment
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type
Vulnerable Product is Common | 0 | 14 | Unknown Product
CVSS Base Score | 0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source
EPSS Percentile | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0

Qualys: CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers. An attacker must take additional actions before exploitation to successfully prepare the target environment to exploit the vulnerability. On successful exploitation, an attacker may view heap memory from a privileged process running on the server.

Exploitation in the wild detected (2)
  Spoofing (1)
  Elevation of Privilege (1)

Public exploit exists, but exploitation in the wild is NOT detected (1)
  Spoofing (1)

Other Vulnerabilities (172)
  Information Disclosure (8)
  Remote Code Execution (64)
  Security Feature Bypass (27)
  Elevation of Privilege (25)
  Denial of Service (17)
  Memory Corruption (20)
  Spoofing (10)
  Unknown Vulnerability Type (1)