Security Vulnerabilities - CVEs Published In August 2024
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2024-08-13
CVE-2024-38106
Windows Kernel Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.0
EPSS Score
0.003
Published
2024-08-13
CVE-2024-38107
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.023
Published
2024-08-13
Windows Kerberos Elevation of Privilege Vulnerability
CVSS Score
8.1
EPSS Score
0.048
Published
2024-08-13
Windows DNS Spoofing Vulnerability
CVSS Score
7.5
EPSS Score
0.094
Published
2024-08-13
symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-08-13
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-08-13
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-08-13
Insufficient
validation of the Input Output Control (IOCTL) input buffer in AMD μProf may
allow an authenticated attacker to cause an out-of-bounds write, potentially
causing a Windows® OS crash, resulting in denial of service.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-08-13
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-08-13