ChakraCore, Internet Explorer, Microsoft Edge Security Vulnerabilities

mscve

8.4AI Score

0.0005EPSS

2024-05-14 07:00 AM
3
mscve

8.1AI Score

0.0004EPSS

2024-05-14 07:00 AM
3
mscve

7.7AI Score

0.0004EPSS

2024-05-14 07:00 AM
mscve

6.7AI Score

0.001EPSS

2024-05-14 07:00 AM
2
mscve

6.6AI Score

0.0004EPSS

2024-05-14 07:00 AM
1
mscve

7.3AI Score

0.001EPSS

2024-05-14 07:00 AM
2
mskb

Description of the security update for Office Online Server: May 14, 2024 (KB5002503)

Description of the security update for Office Online Server: May 14, 2024 (KB5002503) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisory: Microsoft Excel Remote Code Execution...

7.4AI Score

2024-05-14 07:00 AM
9
mskb

May 14, 2024—KB5037836 (Security-only update)

May 14, 2024—KB5037836 (Security-only update) End of support information: Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information,...

7AI Score

2024-05-14 07:00 AM
16
zdi

Microsoft Windows Search Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Search...

7CVSS

6.8AI Score

2024-05-14 12:00 AM
5
nessus

KB5037763: Windows 10 Version 1607 / Windows Server 2016 Security Update (May 2024)

The remote Windows host is missing security update 5037763. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

8.8AI Score

2024-05-14 12:00 AM
12
nessus

Security Updates for Microsoft SharePoint Server 2016 (May 2024)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary...

7.1AI Score

2024-05-14 12:00 AM
1
nessus

Security Updates for Microsoft SharePoint Server Subscription Edition (May 2024)

The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized...

7.1AI Score

2024-05-14 12:00 AM
4
hp

Intel BIOS Guard and PPAM Firmware May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...

7.6AI Score

0.0004EPSS

2024-05-14 12:00 AM
10
nessus

Security Update for Microsoft .NET Core (May 2024)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory. .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Note that Nessus has not tested for this issue...

6.6AI Score

2024-05-14 12:00 AM
7
f5

K000139608: MySQL Server vulnerability CVE-2024-21087

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

5.7AI Score

0.0004EPSS

2024-05-14 12:00 AM
4
nessus

Microsoft Edge (Chromium) < 124.0.2478.105 (CVE-2024-4761)

The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.105. It is, therefore, affected by a vulnerability as referenced in the May 14, 2024 advisory. Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an ...

8.2AI Score

2024-05-14 12:00 AM
10
hp

Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

7.2AI Score

0.0004EPSS

2024-05-14 12:00 AM
5
mskb

.NET 6.0 Update - May 14, 2024 (KB5038350)

.NET 6.0 Update - May 14, 2024 (KB5038350) .NET 6.0 has been refreshed with the latest update as of May 14, 2024. This update contains only non-security fixes. See the release notes for details on updated packages. .NET 6.0 servicing updates are upgrades. The latest servicing update for 6.0 will...

6.9AI Score

2024-05-14 12:00 AM
16
nessus

Security Updates for Microsoft SharePoint Server 2019 (May 2024)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary...

7.1AI Score

2024-05-14 12:00 AM
6
cisa_kev

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature...

7.3AI Score

0.009EPSS

2024-05-14 12:00 AM
13
nessus

KB5037823: Windows Server 2012 R2 Security Update (May 2024)

The remote Windows host is missing security update 5037823. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023,...

7.5AI Score

2024-05-14 12:00 AM
33
nessus

KB5037782: Windows 2022 / Azure Stack HCI 22H2 Security Update (May 2024)

The remote Windows host is missing security update 5037782 or Azure HotPatch 5037848. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege...

7.6AI Score

2024-05-14 12:00 AM
22
spring

This Week in Spring - May 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output...

7.1AI Score

2024-05-14 12:00 AM
3
nessus

Security Updates for Microsoft Excel Products (May 2024)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead...

8.1AI Score

2024-05-14 12:00 AM
2
nessus

KB5037770: Windows 11 version 21H2 Security Update (May 2024)

The remote Windows host is missing security update 5037770. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.6AI Score

2024-05-14 12:00 AM
2
f5

K000139606: MySQL Server vulnerability CVE-2024-21047

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

5.7AI Score

0.0004EPSS

2024-05-14 12:00 AM
5
f5

K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062

Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...

5.6AI Score

0.0004EPSS

2024-05-14 12:00 AM
4
nessus

KB5037836: Windows Server 2008 Security Update (May 2024)

The remote Windows host is missing security update 5037836. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023,...

8.8AI Score

2024-05-14 12:00 AM
4
nessus

KB5037771: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (May 2024)

The remote Windows host is missing security update 5037771. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.6AI Score

2024-05-14 12:00 AM
7
nessus

KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)

The remote Windows host is missing security update 5037765. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.6AI Score

2024-05-14 12:00 AM
22
cisa_kev

Microsoft DWM Core Library Privilege Escalation Vulnerability

Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM...

7.6AI Score

0.001EPSS

2024-05-14 12:00 AM
15
nessus

KB5037788: Windows 10 LTS 1507 Security Update (May 2024)

The remote Windows host is missing security update 5037788. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.5AI Score

2024-05-14 12:00 AM
3
zdi

Microsoft SharePoint BaseXmlDataSource XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the BaseXmlDataSource class. Due to the improper restriction of XML External...

6.5CVSS

5.9AI Score

2024-05-14 12:00 AM
6
nessus

KB5037768: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (May 2024)

The remote Windows host is missing security update 5037768. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.6AI Score

2024-05-14 12:00 AM
23
nessus

KB5037778: Windows Server 2012 Security Update (May 2024)

The remote Windows host is missing security update 5037778. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023,...

7.5AI Score

2024-05-14 12:00 AM
5
nessus

KB5037803: Windows Server 2008 R2 Security Update (May 2024)

The remote Windows host is missing security update 5037803. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023,...

8.8AI Score

2024-05-14 12:00 AM
3
zdi

Microsoft Windows cldflt Type Confusion Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS

8.2AI Score

2024-05-14 12:00 AM
6
openvas

Fuji Xerox / Fujifilm Printers CSRF Vulnerability (Mar 2024)

Multiple Fuji Xerox / Fujifilm printers are prone to cross-site request forgery (CSRF)...

7.4AI Score

0.0004EPSS

2024-05-14 12:00 AM
1
nessus

KB5037781: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (May 2024)

The remote Windows host is missing security update 5037781. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

7.6AI Score

2024-05-14 12:00 AM
10
githubexploit

Exploit for Injection in Atlassian Confluence Data Center

REF2924 NAPLISTENER is a backdoor scanner for the Wmdtc.exe...

9.8AI Score

0.975EPSS

2024-05-13 09:04 PM
54
githubexploit

Exploit for Injection in Atlassian Confluence Data Center

REF2924 NAPLISTENER is a backdoor scanner for the Wmdtc.exe...

9.8AI Score

0.975EPSS

2024-05-13 09:04 PM
101
githubexploit

Exploit for Vulnerability in Microsoft

Managing the deployment of association changes of...

7.4AI Score

2024-05-13 08:19 PM
74
osv

Directus Lacks Session Tokens Invalidation

Summary Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by...

7AI Score

0.0004EPSS

2024-05-13 07:59 PM
11
github

Directus Lacks Session Tokens Invalidation

Summary Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by...

6.8AI Score

0.0004EPSS

2024-05-13 07:59 PM
3
mssecure

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM). We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

7AI Score

2024-05-13 04:00 PM
1
krebs

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...

7.1AI Score

2024-05-13 11:26 AM
6
Total number of security vulnerabilities: 208120