CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day...
Microsoft Defender Security Vulnerability
Microsoft Defender is a threat protection software from Microsoft USA. A security vulnerability exists in Microsoft Defender for Endpoint. The following products and versions are affected: Microsoft Defender for Endpoint for Windows for Windows 10 Version 1809 for 32-bit Systems, Microsoft Defende...
Microsoft WDAC OLE DB provider for SQL Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and versions are affected: Windows 10 Version 21H2...
PT-2024-1730 · Microsoft · Wdac Odbc Driver +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC ODBC Driver affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft WDAC ODBC Driver. This allows a remote attacker to execute arbitrary code. The vulnerability can be...
PT-2024-1959 · Microsoft · Wdac Ole Db Provider For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to execute arbitrary code. This can affect the...
Microsoft WDAC OLE DB provider for SQL Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and editions are affected: Windows 10 Version 21H2...
Microsoft WDAC OLE DB provider for SQL Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and versions are affected: Windows 10 Version 1607...
PT-2024-1824
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint affected versions not specified Description: The issue is related to insufficient access control in Microsoft Defender for Endpoint, which can be exploited to elevate privileges. There is no information provided...
CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative...
PT-2024-2017 · Microsoft · Wdac Ole Db Provider For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to numerical truncation errors in the Microsoft WDAC OLE DB provider for SQL Server. It allows remote attackers to execute arbitra...
PT-2024-1958 · Microsoft · Wdac Ole Db Provider For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft WDAC OLE DB provider for SQL Server, which can be exploited by a remote attacker...
Windows Defender Detection Mitigation Bypass
Credits: John Page aka hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt; twitter.com/hyp3rlinx; ISR: ApparitionSec; Vendor: www.microsoft.com; Product: Windows Defender...
Windows Defender Detection Mitigation Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...
WordPress Defender Security Plugin <= 4.4.1 is vulnerable to Bypass Vulnerability
Software: Defender Security; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-25595; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 5f5aded4cf8d; Credits: Yudistira Arya; Required privile...
CVE-2024-22312
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...
CVE-2024-22313
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749...
CVE-2023-50957
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...
Hardcoded credentials
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749...