Security Vulnerabilities - CVEs Published In April 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.04
Published
2024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.03
Published
2024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.03
Published
2024-04-09
CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.628
Published
2024-04-09
Azure AI Search Information Disclosure Vulnerability
CVSS Score
7.3
EPSS Score
0.012
Published
2024-04-09
Windows Hyper-V Denial of Service Vulnerability
CVSS Score
6.2
EPSS Score
0.004
Published
2024-04-09
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVSS Score
7.2
EPSS Score
0.012
Published
2024-04-09
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millsecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).
CVSS Score
8.1
EPSS Score
0.001
Published
2024-04-09
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVSS Score
7.2
EPSS Score
0.034
Published
2024-04-09
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVSS Score
7.2
EPSS Score
0.054
Published
2024-04-09