Multiple Oracle MySQL Server Vulnerabilities
April 20, 2024Agent Tesla Malware – Active IOCs
April 20, 2024Multiple Oracle MySQL Server Vulnerabilities
April 20, 2024Agent Tesla Malware – Active IOCs
April 20, 2024Severity
Medium
Analysis Summary
CVE-2024-29986 CVSS:5.4
Microsoft Edge for Android (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-29987 CVSS:6.5
Microsoft Edge (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-27086 CVSS:3.9
Microsoft Authentication Library (MSAL) for .NETis vulnerable to a denial of service, caused by an incorrect activity export configuration. By using a specially crafted application, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-29986
- CVE-2024-29987
- CVE-2024-27086
Affected Vendors
Affected Products
- Microsoft Edge for Android (Chromium-based) 124.0
- Microsoft Edge (Chromium-based) 124.0
- Microsoft Authentication Library (MSAL) for .NET 4.48.0
- Microsoft Authentication Library (MSAL) for .NET 4.60.0
- Microsoft Authentication Library (MSAL) for .NET 4.59.0
- Microsoft Authentication Library (MSAL) for .NET 4.60.2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.