Security Vulnerabilities - CVEs Published In May 2024
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS Score
8.8
EPSS Score
0.332
Published
2024-05-14
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-05-14
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-05-14
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-14
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
CVSS Score
6.8
EPSS Score
0.005
Published
2024-05-14
Azure Migrate Cross-Site Scripting Vulnerability
CVSS Score
6.5
EPSS Score
0.014
Published
2024-05-14
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.122
Published
2024-05-14
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS Score
5.4
EPSS Score
0.092
Published
2024-05-14
CVE-2024-30051
Windows DWM Core Library Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.566
Published
2024-05-14
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.006
Published
2024-05-14