ChakraCore, Microsoft Edge Security Vulnerabilities

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be.....

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main...

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop....

Johnson Controls Software House C-CURE 9000

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Software House C●CURE 9000 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to...

CVE-2024-34773

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-34772

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-34771

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-33493

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-33492

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-33491

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-33490

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

CVE-2024-33489

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...

Chromium: CVE-2024-4761 Out of bounds write in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2024-4761 exists in the...

May 14, 2024—KB5037800 (Monthly Rollup)

May 14, 2024—KB5037800 (Monthly Rollup) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended...

Microsoft SharePoint Server Information Disclosure Vulnerability

...

Windows MSHTML Platform Security Feature Bypass Vulnerability

...

Win32k Elevation of Privilege Vulnerability

...

Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

...

Windows Mark of the Web Security Feature Bypass Vulnerability

...

DHCP Server Service Denial of Service Vulnerability

...

Windows Cryptographic Services Remote Code Execution Vulnerability

...

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

Windows DWM Core Library Information Disclosure Vulnerability

...

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

...

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

...

Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability

...

May 14, 2024—KB5037780 (Monthly Rollup)

May 14, 2024—KB5037780 (Monthly Rollup) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update...

May 14, 2024— KB5037848 (OS Build 20348.2458)

May 14, 2024— KB5037848 (OS Build 20348.2458) Improvements and fixes This security update includes quality improvements. When you install this KB: This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to...

.NET 8.0 Update - May 14, 2024 (KB5038352)

.NET 8.0 Update - May 14, 2024 (KB5038352) NET 8.0 has been refreshed with the latest update as of May 14, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages..NET 8.0 servicing updates are upgrades. The latest servicing update for....

May 14, 2024—KB5037765 (OS Build 17763.5820)

May 14, 2024—KB5037765 (OS Build 17763.5820) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...

May 14, 2024—KB5037788 (OS Build 10240.20651)

May 14, 2024—KB5037788 (OS Build 10240.20651) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...

Dynamics 365 Customer Insights Spoofing Vulnerability

...

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

...

Windows Search Service Elevation of Privilege Vulnerability

...

Windows Deployment Services Information Disclosure Vulnerability

...

Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

...

Windows Hyper-V Remote Code Execution Vulnerability

...

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

...

Windows Hyper-V Remote Code Execution Vulnerability

...

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

...

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

...

GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

...

Azure Migrate Cross-Site Scripting Vulnerability

...

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

May 14, 2024—KB5037823 (Monthly Rollup)

May 14, 2024—KB5037823 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

May 14, 2024—KB5037770 (OS Build 22000.2960)

May 14, 2024—KB5037770 (OS Build 22000.2960) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out...

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599)

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about.....

.NET and Visual Studio Remote Code Execution Vulnerability

...

Dynamics 365 Customer Insights Spoofing Vulnerability

...