Security Vulnerabilities - CVEs Published In February 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-consoleĀ docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-02-13
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
CVSS Score
9.1
EPSS Score
0.006
Published
2024-02-13
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed anĀ attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
6.3
EPSS Score
0.005
Published
2024-02-13
CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Known exploited
CVSS Score
9.8
EPSS Score
0.934
Published
2024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.015
Published
2024-02-13
.NET Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.022
Published
2024-02-13
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.001
Published
2024-02-13
Windows Printing Service Spoofing Vulnerability
CVSS Score
7.5
EPSS Score
0.013
Published
2024-02-13
CVE-2024-21410
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
9.8
EPSS Score
0.022
Published
2024-02-13
CVE-2024-21412
Internet Shortcut Files Security Feature Bypass Vulnerability
Known exploited
CVSS Score
8.1
EPSS Score
0.938
Published
2024-02-13