CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38221 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-38221
Microsoft Edge (Chromium-based) Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38221 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38016 – Microsoft Office Visio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38016
Microsoft Office Visio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37985 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-37985
Windows Kernel Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985 • CWE-1037: Processor Optimization Removal or Modification of Security-critical Code •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-45383
https://notcve.org/view.php?id=CVE-2024-45383
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability. • https://github.com/SpiralBL0CK/CVE-2024-45383 https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008 • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-37980 – Microsoft SQL Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-37980
Microsoft SQL Server Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980 • CWE-269: Improper Privilege Management •