Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-21312 |
Description: .NET Framework Denial of Service Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21311 |
Description: Windows Cryptographic Services Information Disclosure Vulnerability
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21310 |
Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.06%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21309 |
Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21307 |
Description: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.26%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21306 |
Description: Microsoft Bluetooth Driver Spoofing Vulnerability
CVSS: MEDIUM (5.7) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21305 |
Description: Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVSS: MEDIUM (4.4) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21304 |
Description: Trusted Compute Base Elevation of Privilege Vulnerability
CVSS: MEDIUM (4.1) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-21302 |
Description: Summary:
Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.
Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.
This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.
Update: August 13, 2024
Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation...
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-20701 |
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|