Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Description: The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
Source: Dark Reading
December 10th, 2024 (4 months ago)

CVE-2024-49138
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Description: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CISA KEV
December 10th, 2024 (4 months ago)
Windows 10 KB5048652 update fixes new motherboard activation bug
Description: Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. [...]
Source: BleepingComputer
December 10th, 2024 (4 months ago)
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Description: Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]
Source: BleepingComputer
December 10th, 2024 (4 months ago)
Windows 11 KB5048667 & KB5048685 cumulative updates released
Description: Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Source: BleepingComputer
December 10th, 2024 (4 months ago)
Microsoft 365 outage takes down Office web apps, admin center
Description: Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. [...]
Source: BleepingComputer
December 10th, 2024 (4 months ago)

CVE-2024-55578
Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
Description: Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)
Microsoft NTLM Zero-Day to Remain Unpatched Until April
Description: The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Source: Dark Reading
December 9th, 2024 (4 months ago)
Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades
Description: Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they're causing Outlook launch issues. [...]
Source: BleepingComputer
December 9th, 2024 (4 months ago)

CVE-2024-49023
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVSS: MEDIUM (5.9)

EPSS Score: 0.09%

Source: CVE
December 9th, 2024 (4 months ago)