Security Vulnerabilities - CVEs Published In February 2024
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVSS Score
7.3
EPSS Score
0.007
Published
2024-02-13
Insufficient verification of data authenticity in
the configuration state machine may allow a local attacker to potentially load
arbitrary bitstreams.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-02-13
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-02-13
Azure DevOps Server Remote Code Execution Vulnerability
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-13
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2024-02-13
Azure Stack Hub Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.005
Published
2024-02-13
Windows Hyper-V Denial of Service Vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2024-02-13
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-13
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)
CVSS Score
6.1
EPSS Score
0.003
Published
2024-02-13
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)
CVSS Score
6.1
EPSS Score
0.004
Published
2024-02-13