ChakraCore, Internet Explorer, Microsoft Edge Security Vulnerabilities

nessus

Microsoft Azure Migrate Auto Update < 6.1.294.1008 XSS

The version of Microsoft Azure Migrate installed on the remote Windows host is prior to 6.1.294.1008. It is, therefore, affected by a cross-site scripting vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

6.3 AI Score

2024-05-15 12:00 AM
1
nessus

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2024-2540)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.412.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2540 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...

6.2 AI Score

2024-05-15 12:00 AM
1
f5

K000139616: MySQL vulnerability CVE-2024-21051

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.7 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
10
f5

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

5.8 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
10
openvas

Microsoft Windows Multiple Vulnerabilities (KB5037770)

This host is missing an important security update according to Microsoft...

6.8 AI Score

0.009 EPSS

2024-05-15 12:00 AM
10
alpinelinux

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed...

6.7 AI Score

0.0004 EPSS

2024-05-14 09:15 PM
7
github

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

6 AI Score

0.0004 EPSS

2024-05-14 08:31 PM
4
osv

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

6 AI Score

0.0004 EPSS

2024-05-14 08:31 PM
8
osv

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

6.7 AI Score

0.0005 EPSS

2024-05-14 08:30 PM
6
github

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

6.7 AI Score

0.0005 EPSS

2024-05-14 08:30 PM
3
rapid7blog

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

10 AI Score

0.009 EPSS

2024-05-14 08:25 PM
10
krebs

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users,...

8.4 AI Score

0.009 EPSS

2024-05-14 08:19 PM
24
alpinelinux

CVE-2024-32465

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

7.2 AI Score

0.0004 EPSS

2024-05-14 08:15 PM
3
alpinelinux

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target...

4.6 AI Score

0.0004 EPSS

2024-05-14 08:15 PM
2
osv

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

7.1 AI Score

0.0004 EPSS

2024-05-14 08:13 PM
1
github

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

7.1 AI Score

0.0004 EPSS

2024-05-14 08:13 PM
2
alpinelinux

CVE-2024-32020

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

6.9 AI Score

0.0004 EPSS

2024-05-14 07:15 PM
3
alpinelinux

CVE-2024-32004

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

7.7 AI Score

0.0004 EPSS

2024-05-14 07:15 PM
4
alpinelinux

CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......

7.1 AI Score

0.001 EPSS

2024-05-14 07:15 PM
16
qualysblog

Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....

9 AI Score

0.009 EPSS

2024-05-14 06:40 PM
10
osv

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Microsoft Power BI Client JavaScript SDK Information Disclosure...

6.2 AI Score

0.001 EPSS

2024-05-14 06:31 PM
5
github

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Microsoft Power BI Client JavaScript SDK Information Disclosure...

6.2 AI Score

0.001 EPSS

2024-05-14 06:31 PM
7
talosblog

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which...

7.3 AI Score

0.001 EPSS

2024-05-14 05:57 PM
12
cve

CVE-2024-30059

Microsoft Intune for Android Mobile Application Management Tampering...

6.1 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
49
cve

CVE-2024-30053

Azure Migrate Cross-Site Scripting...

6.5 CVSS

6.2 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
51
cve

CVE-2024-30054

Microsoft Power BI Client JavaScript SDK Information Disclosure...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2024-05-14 05:17 PM
52
cve

CVE-2024-30050

Windows Mark of the Web Security Feature Bypass...

5.4 CVSS

6.2 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
52
cve

CVE-2024-30051

Windows DWM Core Library Elevation of Privilege...

7.8 CVSS

8.2 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
122
In Wild
cve

CVE-2024-30049

Windows Win32 Kernel Subsystem Elevation of Privilege...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
54
cve

CVE-2024-30048

Dynamics 365 Customer Insights Spoofing...

7.6 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
55
cve

CVE-2024-30047

Dynamics 365 Customer Insights Spoofing...

7.6 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
51
alpinelinux

CVE-2024-30045

.NET and Visual Studio Remote Code Execution...

7.2 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
9
alpinelinux

CVE-2024-30046

Visual Studio Denial of Service...

6.5 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
7
cve

CVE-2024-30046

Visual Studio Denial of Service...

5.9 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
56
cve

CVE-2024-30045

.NET and Visual Studio Remote Code Execution...

6.3 CVSS

6.6 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
57
cve

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution...

7.2 CVSS

8.8 AI Score

0.001 EPSS

2024-05-14 05:17 PM
63
cve

CVE-2024-30043

Microsoft SharePoint Server Information Disclosure...

6.5 CVSS

6.1 AI Score

0.001 EPSS

2024-05-14 05:17 PM
57
cve

CVE-2024-30042

Microsoft Excel Remote Code Execution...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-05-14 05:17 PM
49
cve

CVE-2024-30041

Microsoft Bing Search Spoofing...

5.4 CVSS

5.5 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
53
cve

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass...

8.8 CVSS

8.6 AI Score

0.009 EPSS

2024-05-14 05:17 PM
73
In Wild
cve

CVE-2024-30039

Windows Remote Access Connection Manager Information Disclosure...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
47
cve

CVE-2024-30038

Win32k Elevation of Privilege...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
54
cve

CVE-2024-30037

Windows Common Log File System Driver Elevation of Privilege...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-05-14 05:17 PM
57
cve

CVE-2024-30036

Windows Deployment Services Information Disclosure...

6.5 CVSS

6.3 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
51
cve

CVE-2024-30035

Windows DWM Core Library Elevation of Privilege...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
55
cve

CVE-2024-30034

Windows Cloud Files Mini Filter Driver Information Disclosure...

5.5 CVSS

5.6 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
50
cve

CVE-2024-30033

Windows Search Service Elevation of Privilege...

7 CVSS

6.9 AI Score

0.0005 EPSS

2024-05-14 05:17 PM
57
cve

CVE-2024-30032

Windows DWM Core Library Elevation of Privilege...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
54
cve

CVE-2024-30031

Windows CNG Key Isolation Service Elevation of Privilege...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-14 05:17 PM
53
cve

CVE-2024-30030

Win32k Elevation of Privilege...

7.8 CVSS

7.6 AI Score

0.002 EPSS

2024-05-14 05:17 PM
52
Total number of security vulnerabilities: 208123