ChakraCore, Internet Explorer, Microsoft Edge Security Vulnerabilities

github

laravel framework Unexpected database bindings via requests

This is a follow-up to the security advisory https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to...

2024-05-15 10:19 PM
1
osv

laravel framework Unexpected database bindings via requests

This is a follow-up to the security advisory https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to...

2024-05-15 10:19 PM
2
githubexploit

Exploit for Vulnerability in Microsoft

CVE-2023-21768 - Dotnet Dotnet / c# port of...

CVSS: 7.8

EPSS: 0.004

2024-05-15 05:42 PM
10
malwarebytes

Apple and Google join forces to stop unwanted tracking

Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being...

2024-05-15 11:58 AM
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...

2024-05-15 12:00 AM
f5

K000139618 : MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102

Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

CVSS: 4.9

AI Score: 6

EPSS: 0.001

2024-05-15 12:00 AM
4
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...

2024-05-15 12:00 AM
nessus

Security Updates for Microsoft Office Online Server (May 2023)

The Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following: Microsoft Excel is affected by a remote code execution vulnerability. (CVE-2024-30042) Note that Nessus has not tested for this issue but has instead relied...

2024-05-15 12:00 AM
nessus

Security Updates for Microsoft Office Products (May 2024) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by a vulnerability as referenced in the may-14-2024 advisory. Microsoft Excel Remote Code Execution Vulnerability (CVE-2024-30042) Note that Nessus has not tested for this issue but has instead relied only on the...

2024-05-15 12:00 AM
nessus

Security Updates for Microsoft Office Products C2R (May 2024)

The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability: Microsoft Excel is affected by a remote code execution vulnerability. (CVE-2024-30042) Note that Nessus has not tested for this issue but has instead relied only on the...

2024-05-15 12:00 AM
f5

K000139617 : MySQL vulnerabilities CVE-2024-21049, CVE-2024-21060, CVE-2024-21061, and CVE-2024-21069

Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...

CVSS: 4.9

AI Score: 6

EPSS: 0.0004

2024-05-15 12:00 AM
5
f5

K000139594 : libxml2 vulnerability CVE-2022-40304

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...

CVSS: 7.8

AI Score: 7.2

EPSS: 0.001

2024-05-15 12:00 AM
12
f5

K000139615 : Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

CVSS: 6.5

AI Score: 6.5

EPSS: 0.0004

2024-05-15 12:00 AM
4
f5

K000139616 : MySQL vulnerability CVE-2024-21051

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVSS: 4.9

AI Score: 6

EPSS: 0.0004

2024-05-15 12:00 AM
4
nessus

Microsoft Azure Migrate Auto Update < 6.1.294.1008 XSS

The version of Microsoft Azure Migrate installed on the remote Windows host is prior to 6.1.294.1008. It is, therefore, affected by a cross-site scripting vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

2024-05-15 12:00 AM
github

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

CVSS: 5.9

AI Score: 6

2024-05-14 08:31 PM
1
osv

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

CVSS: 5.9

AI Score: 6

2024-05-14 08:31 PM
2
osv

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

CVSS: 6.3

AI Score: 6.7

2024-05-14 08:30 PM
3
github

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

CVSS: 6.3

AI Score: 6.7

2024-05-14 08:30 PM
2
krebs

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users,...

CVSS: 8.8

AI Score: 8.4

2024-05-14 08:19 PM
12
osv

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

CVSS: 7.1

AI Score: 7.1

2024-05-14 08:13 PM
1
github

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

CVSS: 7.1

AI Score: 7.1

2024-05-14 08:13 PM
1
qualysblog

Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....

CVSS: 8.8

AI Score: 9

2024-05-14 06:40 PM
4
osv

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Microsoft Power BI Client JavaScript SDK Information Disclosure...

CVSS: 6.5

AI Score: 6.2

2024-05-14 06:31 PM
1
github

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Microsoft Power BI Client JavaScript SDK Information Disclosure...

CVSS: 6.5

AI Score: 6.2

2024-05-14 06:31 PM
1
talosblog

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which...

CVSS: 8.8

AI Score: 7.3

2024-05-14 05:57 PM
6
cve

CVE-2024-30059

Microsoft Intune for Android Mobile Application Management Tampering...

CVSS: 6.1

AI Score: 6.2

2024-05-14 05:17 PM
5
cve

CVE-2024-30053

Azure Migrate Cross-Site Scripting...

CVSS: 6.5

AI Score: 6.2

2024-05-14 05:17 PM
6
cve

CVE-2024-30054

Microsoft Power BI Client JavaScript SDK Information Disclosure...

CVSS: 6.5

AI Score: 6.2

2024-05-14 05:17 PM
5
cve

CVE-2024-30050

Windows Mark of the Web Security Feature Bypass...

CVSS: 5.4

AI Score: 6.2

2024-05-14 05:17 PM
7
cve

CVE-2024-30051

Windows DWM Core Library Elevation of Privilege...

CVSS: 7.8

AI Score: 8.2

2024-05-14 05:17 PM
30
cve

CVE-2024-30049

Windows Win32 Kernel Subsystem Elevation of Privilege...

CVSS: 7.8

AI Score: 7.9

2024-05-14 05:17 PM
6
cve

CVE-2024-30048

Dynamics 365 Customer Insights Spoofing...

CVSS: 7.6

AI Score: 7.4

2024-05-14 05:17 PM
6
cve

CVE-2024-30047

Dynamics 365 Customer Insights Spoofing...

CVSS: 7.6

AI Score: 7.4

2024-05-14 05:17 PM
6
cve

CVE-2024-30046

Visual Studio Denial of Service...

CVSS: 5.9

AI Score: 5.9

2024-05-14 05:17 PM
11
cve

CVE-2024-30045

.NET and Visual Studio Remote Code Execution...

CVSS: 6.3

AI Score: 6.6

2024-05-14 05:17 PM
11
cve

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution...

CVSS: 8.8

AI Score: 8.8

2024-05-14 05:17 PM
12
cve

CVE-2024-30043

Microsoft SharePoint Server Information Disclosure...

CVSS: 6.5

AI Score: 6.1

2024-05-14 05:17 PM
9
cve

CVE-2024-30042

Microsoft Excel Remote Code Execution...

CVSS: 7.8

AI Score: 7.8

2024-05-14 05:17 PM
7
cve

CVE-2024-30041

Microsoft Bing Search Spoofing...

CVSS: 5.4

AI Score: 5.5

2024-05-14 05:17 PM
7
cve

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass...

CVSS: 8.8

AI Score: 8.6

2024-05-14 05:17 PM
9
cve

CVE-2024-30039

Windows Remote Access Connection Manager Information Disclosure...

CVSS: 5.5

AI Score: 5.4

2024-05-14 05:17 PM
7
cve

CVE-2024-30038

Win32k Elevation of Privilege...

CVSS: 7.8

AI Score: 7.9

2024-05-14 05:17 PM
6
cve

CVE-2024-30037

Windows Common Log File System Driver Elevation of Privilege...

CVSS: 7.5

AI Score: 7.5

2024-05-14 05:17 PM
6
cve

CVE-2024-30036

Windows Deployment Services Information Disclosure...

CVSS: 6.5

AI Score: 6.3

2024-05-14 05:17 PM
7
cve

CVE-2024-30035

Windows DWM Core Library Elevation of Privilege...

CVSS: 7.8

AI Score: 7.9

2024-05-14 05:17 PM
7
cve

CVE-2024-30034

Windows Cloud Files Mini Filter Driver Information Disclosure...

CVSS: 5.5

AI Score: 5.6

2024-05-14 05:17 PM
6
cve

CVE-2024-30033

Windows Search Service Elevation of Privilege...

CVSS: 7

AI Score: 6.9

2024-05-14 05:17 PM
9
cve

CVE-2024-30032

Windows DWM Core Library Elevation of Privilege...

CVSS: 7.8

AI Score: 7.9

2024-05-14 05:17 PM
5
cve

CVE-2024-30031

Windows CNG Key Isolation Service Elevation of Privilege...

CVSS: 7.8

AI Score: 7.6

2024-05-14 05:17 PM
7
Total number of security vulnerabilities: 204935