This time we have a few vulnerabilities from Google and Microsoft:
- Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
- Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
- Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
- Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
- Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
- Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-3159.
http://www.zerodayinitiative.com/advisories/ZDI-24-367/
Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2886.
http://www.zerodayinitiative.com/advisories/ZDI-24-365/
Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2887.
http://www.zerodayinitiative.com/advisories/ZDI-24-366/
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26158.
http://www.zerodayinitiative.com/advisories/ZDI-24-363/
Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-29988.
http://www.zerodayinitiative.com/advisories/ZDI-24-361/
Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure Private 5G Core. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.9. The following CVEs are assigned: CVE-2024-20685.
http://www.zerodayinitiative.com/advisories/ZDI-24-362/
Leave a comment