Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-21410 Unspecified vulnerability in Microsoft Exchange Server 2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-02-13 CVE-2024-21412 Unspecified vulnerability in Microsoft products
Internet Shortcut Files Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.1
8.1
2024-02-13 CVE-2024-22923 SQL Injection vulnerability in Advradius ADV Radius 2.2.5
SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.
network
low complexity
advradius CWE-89
critical
 9.8
9.8
2024-02-13 CVE-2024-1096 NULL Pointer Dereference vulnerability in Filseclab Twister Antivirus 8.17
Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.
local
low complexity
filseclab CWE-476
5.5
5.5
2024-02-13 CVE-2024-1140 Out-of-bounds Read vulnerability in Filseclab Twister Antivirus 8.17
Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.
local
low complexity
filseclab CWE-125
5.5
5.5
2024-02-13 CVE-2024-23440 Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.
local
high complexity
CWE-125
6.3
6.3
2024-02-13 CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high.
network
low complexity
 7.5
7.5
2024-02-13 CVE-2023-5517 A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
 7.5
7.5
2024-02-13 CVE-2023-5679 A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
 7.5
7.5
2024-02-13 CVE-2023-5680 If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
network
low complexity
 5.3
5.3