[CISA-2024:0709] CISA Adds 3 Known Exploited Vulnerabilities to Catalog

Severity Critical
CVEs 3

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

[CVE-2024-23692] Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.


[CVE-2024-38080] Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.


[CVE-2024-38112] Microsoft Windows MSHTML Platform Spoofing Vulnerability

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

ID
CISA-2024:0709
Severity
critical
URL
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Published
2024-07-09T00:00:00
(5 days ago)
Modified
2024-07-09T00:00:00
(5 days ago)
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...