NVD disclosure day
CVE-2024-28986
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in SolarWinds Web Help Desk may allow an attacker to execute commands on affected systems. This could lead to unauthorized access, data compromise, and operational disruption. Organizations using this software face significant business risk.
CVE-2024-7593
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Ivanti Virtual Traffic Manager has a critical flaw allowing unauthorized remote attackers to bypass admin login, potentially taking control of your network traffic systems. This vulnerability is actively exploited.
CVE-2024-38213
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A security flaw in Windows allows attackers to bypass the Mark of the Web feature, potentially leading to unauthorized execution of malicious files. This impacts organizations using affected Windows systems, increasing the risk of compromise through user interaction with crafted files. Applying vendor mitigations is ad
CVE-2024-38193
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in the Windows Ancillary Function Driver for WinSock allows local attackers to escalate privileges to SYSTEM level. This impacts affected Windows operating systems, potentially leading to unauthorized access to data and disruption of business operations. The risk is elevated due to the potential for com
CVE-2024-38189
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in Microsoft Project could allow remote code execution via a malicious file, affecting organizational data and systems. The risk to business operations is elevated as this is a known exploited vulnerability. Affected organizations should apply vendor updates.
CVE-2024-38178
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A scripting engine memory corruption vulnerability affects multiple Windows versions. Attackers can execute malicious code via a crafted URL, leading to potential data compromise and service disruption. Organizations should identify affected systems and apply vendor updates to mitigate business risk.
CVE-2024-38107
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
Certain Microsoft Windows systems are affected by a vulnerability allowing local privilege escalation. This can lead to unauthorized system access and control, impacting data confidentiality and system integrity. Organizations should prioritize identifying and mitigating affected assets.
CVE-2024-38106
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A Windows Kernel vulnerability allows local attackers to elevate privileges, gaining SYSTEM-level access. Exploitation requires overcoming a race condition, posing a business risk to affected organizations.