July 2024 Patch Tuesday: 10 Critical Vulnerabilities Amid 144 CVEs
Published on Jul 9, 2024 • Last updated on Nov 15, 2024
July 2024 Risk Analysis
Critical Vulnerabilities
CVE-2024-38060
Windows Imaging Component Remote Code Execution Vulnerability
A heap-based buffer overflow vulnerability in the Windows Imaging Component allows authenticated attackers to achieve remote code execution by uploading malicious TIFF files through the network, requiring no user interaction. The vulnerability enables attackers with low-level privileges to potentially gain unauthorized system access, modify critical files, and disrupt services across multiple Windows operating system versions. Given the high impact on system confidentiality, integrity, and availability, combined with the relatively low complexity of exploitation, this vulnerability represents a significant security risk to enterprise environments where the Windows Imaging Component is exposed.
CVE-2024-38080
Windows Hyper-V Elevation of Privilege Vulnerability
Exploit
A Windows Hyper-V vulnerability allows local attackers with low privileges to execute an integer overflow attack, enabling elevation to SYSTEM privileges with no user interaction required. The high-severity flaw impacts both confidentiality and integrity of affected systems, potentially giving attackers full control over the Hyper-V environment and hosted virtual machines. Given that proof-of-concept code is publicly available and the vulnerability is being actively exploited in the wild, this poses an immediate threat to unpatched Hyper-V installations.
CVE-2024-38074
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
A critical remote code execution vulnerability in Windows Remote Desktop Licensing Service allows unauthenticated attackers to execute arbitrary code by sending specially crafted packets to affected servers. The network-based attack vector requires no user interaction and can lead to complete system compromise, potentially allowing attackers to gain full control of the affected system, access sensitive data, and disrupt operations. Given the high severity, widespread impact across multiple Windows Server versions, and the lack of required authentication or user interaction, this vulnerability represents a significant threat to enterprise environments relying on Remote Desktop Services.
CVE-2024-38182
<p>Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.</p>
A weak authentication vulnerability in Microsoft Dynamics 365 enables unauthenticated network-based attackers to elevate their privileges, potentially compromising system resources beyond the vulnerable component. The high-severity flaw affects confidentiality, integrity, and availability of systems, requiring no user interaction for exploitation, though attack complexity remains high. While Microsoft has already fully mitigated this vulnerability in their cloud service, its severity and potential for privilege escalation across system boundaries makes it a significant security concern.
CVE-2024-38112
Windows MSHTML Platform Spoofing Vulnerability
Exploit
A high-complexity spoofing vulnerability in the Windows MSHTML Platform requires an attacker to perform preparatory actions and convince a user to execute a malicious file for successful exploitation. If exploited, this vulnerability enables attackers to compromise system confidentiality, integrity, and availability through resource manipulation and content spoofing, with particularly severe implications given its confirmed exploitation in the wild.
CVE-2024-38089
Microsoft Defender for IoT Elevation of Privilege Vulnerability
A critical elevation of privilege vulnerability in Microsoft Defender for IoT allows attackers to escape AppContainer isolation and execute commands on the host system through the sensor-app docker container, requiring only network access and low privileges with no user interaction. The successful exploitation enables attackers to bypass container boundaries, impersonate non-AppContainer tokens, and potentially gain control over the entire system, with the impact extending beyond the vulnerable component to affect multiple containers and system resources. This vulnerability is particularly concerning for IoT security monitoring infrastructure as it could compromise the confidentiality, integrity, and availability of IoT device management systems.
CVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Exploit
A critical heap-based buffer overflow vulnerability in the Windows Remote Desktop Licensing Service enables unauthenticated remote code execution through malicious network messages, requiring no user interaction or privileges. The flaw allows attackers to gain complete control over affected Windows Server systems, potentially leading to unauthorized access, data manipulation, and service disruption across multiple server versions. Given the existence of multiple public proof-of-concept exploits and the widespread deployment of affected systems, this vulnerability represents a severe threat to enterprise environments.
CVE-2024-38021
Microsoft Office Remote Code Execution Vulnerability
Exploit
A remote code execution vulnerability in Microsoft Office products allows attackers to bypass Protected View Protocol through crafted malicious links, requiring user interaction with blocked content to initiate execution. Upon successful exploitation, an attacker can gain high-privilege access with complete read, write, and delete capabilities, potentially compromising the confidentiality, integrity, and availability of the affected system. The low attack complexity combined with the network attack vector makes this a significant threat to organizations using affected Microsoft Office products.
CVE-2024-38076
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
A critical heap-based buffer overflow vulnerability in Windows Remote Desktop Licensing Service allows unauthenticated attackers to achieve remote code execution by sending specially crafted packets to affected servers. The vulnerability requires no user interaction and can be exploited over the network to potentially gain full system control, access sensitive information, and compromise the confidentiality, integrity, and availability of affected Windows Server systems. Given the service's widespread use in enterprise environments and the ease of exploitation without user interaction or special privileges, this vulnerability poses a severe risk to organizational security.
CVE-2024-38164
<p>An improper access control vulnerability in <a href="https://groupme.com/">GroupMe</a> allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.</p>
An improper access control vulnerability in GroupMe enables unauthenticated attackers to elevate privileges through social engineering tactics that convince users to click malicious links, resulting in a network-based attack vector. The vulnerability poses significant risks to system security with high potential impact on confidentiality, integrity, and availability, potentially allowing unauthorized access to sensitive data and system modifications. While the vulnerability requires user interaction for exploitation, its high severity and potential for privilege escalation makes it a critical security concern, though Microsoft has already fully mitigated the issue.
All vulnerabilities
CVE ID | CVSS Score | Product | Trend | Exploit |
|---|---|---|---|---|
CVE-2024-38182<p>Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.</p>
| CVSS 9 | dynamics_365 | - | |
CVE-2024-38176<p>An improper restriction of excessive authentication attempts in <a href="https://groupme.com/">GroupMe</a> allows a unauthenticated attacker to elevate privileges over a network.</p>
| CVSS 8.1 | groupme | - | |
CVE-2024-38164<p>An improper access control vulnerability in <a href="https://groupme.com/">GroupMe</a> allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.</p>
| CVSS 8.8 | access | - | |
CVE-2024-38156Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 6.1 | edge | - | |
CVE-2024-38112Windows MSHTML Platform Spoofing Vulnerability | CVSS 7.5 | windows | Jul 9, 2024 | |
CVE-2024-38105Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38104Windows Fax Service Remote Code Execution Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-38103Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | CVSS 5.9 | edge | - | |
CVE-2024-38102Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38101Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38100Windows File Explorer Elevation of Privilege Vulnerability | CVSS 7.8 | windows_server | Aug 5, 2024 | |
CVE-2024-38099Windows Remote Desktop Licensing Service Denial of Service Vulnerability | CVSS 5.9 | windows_server_2008 | - | |
CVE-2024-38095Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exists when System.Formats.Asn1 in .NET parses an X.509 certificate or collection of certificates, a malicious certificate can result in excessive CPU consumption on all platforms result in Denial of Service. | CVSS 7.5 | .net | - | |
CVE-2024-38094Microsoft SharePoint Remote Code Execution Vulnerability | CVSS 7.2 | remote | Oct 22, 2024 | |
CVE-2024-38092Azure CycleCloud Elevation of Privilege Vulnerability | CVSS 8.8 | azure_cyclecloud | - | |
CVE-2024-38091Microsoft WS-Discovery Denial of Service Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-38089Microsoft Defender for IoT Elevation of Privilege Vulnerability | CVSS 9.9 | defender_for_iot | - | |
CVE-2024-38088SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-38087SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-38086Azure Kinect SDK Remote Code Execution Vulnerability | CVSS 6.4 | azure | - | |
CVE-2024-38085Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38081Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 . This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exist in Visual Studio installer on Windows OS where an unprivileged user is allowed to manipulate the Visual Studio installation resulting in elevation of privilege. | CVSS 7.3 | .NET | - | |
CVE-2024-38080Windows Hyper-V Elevation of Privilege Vulnerability | CVSS 7.8 | windows | Jul 9, 2024 | |
CVE-2024-38079Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38078Xbox Wireless Adapter Remote Code Execution Vulnerability | CVSS 7.5 | windows_11_21h2 | - | |
CVE-2024-38077Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 9.8 | windows_server | Aug 9, 2024 | |
CVE-2024-38076Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 9.8 | windows_server | - | |
CVE-2024-38075The CVE description is not yet available but Feedly AI found some discussions about it | - | - | - | |
CVE-2024-38074Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 9.8 | windows_server_2008 | - | |
CVE-2024-38073Windows Remote Desktop Licensing Service Denial of Service Vulnerability | CVSS 7.5 | windows_server_2008 | - | |
CVE-2024-38072Windows Remote Desktop Licensing Service Denial of Service Vulnerability | CVSS 7.5 | windows_server | - | |
CVE-2024-38071Windows Remote Desktop Licensing Service Denial of Service Vulnerability | CVSS 7.5 | windows_server_2008 | - | |
CVE-2024-38070Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | CVSS 7.8 | Windows | - | |
CVE-2024-38069Windows Enroll Engine Security Feature Bypass Vulnerability | CVSS 7 | windows | - | |
CVE-2024-38068Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38067Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | CVSS 7.5 | windows_server_2008 | - | |
CVE-2024-38066Windows Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38065Secure Boot Security Feature Bypass Vulnerability | CVSS 6.8 | windows | - | |
CVE-2024-38064Windows TCP/IP Information Disclosure Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38062An out-of-bounds read vulnerability exists in the License Update Field Type 0xCC functionality of Microsoft Windows CLIPSP.SYS 10.0.22621 Build 22621. A specially crafted license blob can lead to denial of service. An attacker can use the NtQuerySystemInformation function call to trigger this vulnerability. | CVSS 7.8 | windows | - | |
CVE-2024-38061DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38060Windows Imaging Component Remote Code Execution Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-38059Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38058BitLocker Security Feature Bypass Vulnerability | CVSS 6.8 | bitlocker | Aug 15, 2024 | |
CVE-2024-38057Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38056Microsoft Windows Codecs Library Information Disclosure Vulnerability | CVSS 5.5 | windows | - | |
CVE-2024-38055Microsoft Windows Codecs Library Information Disclosure Vulnerability | CVSS 5.5 | windows | - | |
CVE-2024-38054Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | Aug 23, 2024 | |
CVE-2024-38053Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-38052Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38051Windows Graphics Component Remote Code Execution Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38050Windows Workstation Service Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38049Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | CVSS 8.1 | windows | - | |
CVE-2024-38048Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38047PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | powershell | - | |
CVE-2024-38044DHCP Server Service Remote Code Execution Vulnerability | CVSS 7.2 | dhcp | - | |
CVE-2024-38043PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | powershell | - | |
CVE-2024-38041Windows Kernel Information Disclosure Vulnerability | CVSS 5.5 | Windows | Sep 16, 2024 | |
CVE-2024-38034Windows Filtering Platform Elevation of Privilege Vulnerability | CVSS 7.8 | Windows | - | |
CVE-2024-38033PowerShell Elevation of Privilege Vulnerability | CVSS 7.3 | powershell | - | |
CVE-2024-38032Microsoft Xbox Remote Code Execution Vulnerability | CVSS 7.1 | remote | - | |
CVE-2024-38031Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | CVSS 7.5 | windows_server_2008 | - | |
CVE-2024-38030Windows Themes Spoofing Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38028Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | CVSS 7.2 | windows | - | |
CVE-2024-38027Windows Line Printer Daemon Service Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38025Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | CVSS 7.2 | windows | - | |
CVE-2024-38024Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | Jul 10, 2024 | |
CVE-2024-38023Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | Jul 10, 2024 | |
CVE-2024-38022Windows Image Acquisition Elevation of Privilege Vulnerability | CVSS 7 | windows_10_1507 | - | |
CVE-2024-38021Microsoft Office Remote Code Execution Vulnerability | CVSS 8.8 | 365_apps | Jul 9, 2024 | |
CVE-2024-38020Microsoft Outlook Spoofing Vulnerability | CVSS 6.5 | 365_apps | - | |
CVE-2024-38019Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | CVSS 7.2 | windows | - | |
CVE-2024-38017Microsoft Message Queuing Information Disclosure Vulnerability | CVSS 5.5 | message_queuing | - | |
CVE-2024-38015Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38013Microsoft Windows Server Backup Elevation of Privilege Vulnerability | CVSS 6.7 | windows_10_1507 | - | |
CVE-2024-38011Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-38010Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37989Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37988Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37987Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37986Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37984Secure Boot Security Feature Bypass Vulnerability | CVSS 8.4 | windows | - | |
CVE-2024-37981Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37978Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows_11_22h2 | - | |
CVE-2024-37977Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37975Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37974Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37973Secure Boot Security Feature Bypass Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-37972Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37971Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37970Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37969Secure Boot Security Feature Bypass Vulnerability | CVSS 8 | windows | - | |
CVE-2024-37336SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37334Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | ole_db_driver_for_sql_server | - | |
CVE-2024-37333SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37331SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37330SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37329SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37328SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37327SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37326SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37324SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37323SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37322SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37321SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37320SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37319SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37318SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-35272SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-35271SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-35270Windows iSCSI Service Denial of Service Vulnerability | CVSS 5.3 | windows | - | |
CVE-2024-35267Azure DevOps Server Spoofing Vulnerability | CVSS 7.6 | azure_devops_server | - | |
CVE-2024-35266Azure DevOps Server Spoofing Vulnerability | CVSS 7.6 | azure_devops_server | - | |
CVE-2024-35264Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exists in ASP.NET Core 8 where Data Corruption in Kestrel HTTP/3 can result in remote code execution. Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.7 | CVSS 8.1 | .net | Jul 10, 2024 | |
CVE-2024-35261Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | CVSS 7.8 | azure_network_watcher | - | |
CVE-2024-35256SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-32987Microsoft SharePoint Server Information Disclosure Vulnerability | CVSS 7.5 | sharepoint_server | - | |
CVE-2024-30105Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when calling the JsonSerializer.DeserializeAsyncEnumerable method against an untrusted input using System.Text.Json may result in Denial of Service. | CVSS 7.5 | .net | - | |
CVE-2024-30098Windows Cryptographic Services Security Feature Bypass Vulnerability | CVSS 7.5 | Windows | - | |
CVE-2024-30081Windows NTLM Spoofing Vulnerability | CVSS 7.1 | windows | - | |
CVE-2024-30079Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30071Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVSS 4.7 | Windows | - | |
CVE-2024-30061Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | CVSS 7.3 | dynamics_365 | - | |
CVE-2024-30013Windows MultiPoint Services Remote Code Execution Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-28928SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-28899Secure Boot Security Feature Bypass Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-26184Secure Boot Security Feature Bypass Vulnerability | CVSS 6.8 | windows | - | |
CVE-2024-21449SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21428SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21425SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21417Windows Text Services Framework Elevation of Privilege Vulnerability | CVSS 8.8 | windows | - | |
CVE-2024-21415SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21414SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21398SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21373SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21335SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21333SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21331SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21317SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-21308SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | SQL Server | - | |
CVE-2024-21303SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-20701SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - |
