CVE-2024-0056 – Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-0056
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad del proveedor de datos SQL de Microsoft.Data.SqlClient y System.Data.SqlClient A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to steal authentication credentials intended for the database server, even if the connection is established over an encrypted channel like TLS. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 https://access.redhat.com/security/cve/CVE-2024-0056 https://bugzilla.redhat.com/show_bug.cgi?id=2255384 • CWE-319: Cleartext Transmission of Sensitive Information CWE-420: Unprotected Alternate Channel •
CVE-2024-21313 – Windows TCP/IP Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21313
Windows TCP/IP Information Disclosure Vulnerability Vulnerabilidad de divulgación de información TCP/IP de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21313 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-21307 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21307
Remote Desktop Client Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del cliente de escritorio remoto • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21307 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2024-20691 – Windows Themes Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20691
Windows Themes Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en temas de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20691 • CWE-125: Out-of-bounds Read •
CVE-2024-20683 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-20683
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683 • CWE-416: Use After Free •