Accordion & FAQ Security Vulnerabilities

debian

[SECURITY] [DSA 5679-1] less security update

Debian Security Advisory DSA-5679-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : less CVE ID : CVE-2022-48624 CVE-2024-32487 Debian...

AI Score: 7.8 | EPSS: 0.0004 | 2024-05-03 09:12 PM
2
debian

[SECURITY] [DSA 5678-1] glibc security update

Debian Security Advisory DSA-5678-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : glibc CVE ID : CVE-2024-33599 CVE-2024-33600...

AI Score: 7.7 | 2024-05-03 07:52 PM
4
debian

[SECURITY] [DSA 5677-1] ruby3.1 security update

Debian Security Advisory DSA-5677-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2024 https://www.debian.org/security/faq Package : ruby3.1 CVE ID : CVE-2024-27280 CVE-2024-27281...

AI Score: 7.7 | 2024-05-03 07:47 PM
2
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 282 vulnerabilities disclosed in 220...

CVSS: 10 | AI Score: 9.8 | EPSS: 0.001 | 2024-05-02 02:49 PM
15
debian

[SECURITY] [DSA 5676-1] chromium security update

Debian Security Advisory DSA-5676-1 security@debian.org https://www.debian.org/security/ Andres Salomon May 02, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4331 CVE-2024-4368...

AI Score: 7.4 | EPSS: 0.0004 | 2024-05-02 07:23 AM
nessus

IBM MQ DoS (7123139)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123139 advisory. IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering...

AI Score: 6.8 | 2024-05-01 12:00 AM
1
cve

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS: 3.5 | AI Score: 6.4 | EPSS: 0.0004 | 2024-04-30 01:15 AM
4
nessus

IBM MQ 9.3 <= 9.3.5.1 (7149581)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149581 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that...

AI Score: 6.3 | 2024-04-30 12:00 AM
3
nessus

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 / 9.3 <= 9.3.5.1 (7149586)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149586 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported...

AI Score: 6.4 | 2024-04-30 12:00 AM
2
nessus

IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7123135)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123135 advisory. Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function....

AI Score: 6.5 | 2024-04-27 12:00 AM
2
debian

[SECURITY] [DSA 5675-1] chromium security update

Debian Security Advisory DSA-5675-1 security@debian.org https://www.debian.org/security/ Andres Salomon April 26, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4058 CVE-2024-4059...

AI Score: 7.3 | EPSS: 0.0004 | 2024-04-26 03:58 PM
7
nessus

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7149582)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149582 advisory. IBM MQ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary...

AI Score: 7.9 | 2024-04-26 12:00 AM
nessus

IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 DoS (7149583)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149583 advisory. IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. (CVE-2024-25015) ...

AI Score: 6.8 | 2024-04-26 12:00 AM
debian

[SECURITY] [DSA 5674-1] pdns-recursor security update

Debian Security Advisory DSA-5674-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 25, 2024 https://www.debian.org/security/faq Package : pdns-recursor CVE ID : CVE-2024-25583 It was...

CVSS: 7.5 | AI Score: 6.8 | EPSS: 0.0004 | 2024-04-25 07:28 PM
2
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 191 vulnerabilities disclosed in 156...

CVSS: 10 | AI Score: 9.9 | EPSS: 0.012 | 2024-04-25 03:56 PM
14
amazon

Important: glibc

Issue Overview: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable....

AI Score: 7.6 | EPSS: 0.0004 | 2024-04-24 10:15 PM
3
amazon

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are....

CVSS: 5.8 | AI Score: 6.9 | EPSS: 0.007 | 2024-04-24 10:15 PM
1
amazon

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage...

CVSS: 5.3 | AI Score: 7.1 | EPSS: 0.0004 | 2024-04-24 10:15 PM
5
amazon

Medium: kernel

Issue Overview: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race...

CVSS: 5.5 | AI Score: 7.6 | EPSS: 0.0004 | 2024-04-24 10:15 PM
1
amazon

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by....

CVSS: 6.5 | AI Score: 6.9 | EPSS: 0.001 | 2024-04-24 10:15 PM
1
amazon

Important: mod_http2

Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. (CVE-2024-27316) Affected Packages: mod_http2 Note: This advisory is...

AI Score: 7.2 | EPSS: 0.0004 | 2024-04-24 10:15 PM
1
amazon

Important: bind

Issue Overview: Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.037 | 2024-04-24 10:15 PM
1
amazon

Low: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

CVSS: 3.7 | AI Score: 6 | EPSS: 0.001 | 2024-04-24 10:15 PM
amazon

Low: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

CVSS: 3.7 | AI Score: 6 | EPSS: 0.001 | 2024-04-24 10:15 PM
2
amazon

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol....

AI Score: 7.3 | EPSS: 0.0004 | 2024-04-24 10:15 PM
1
amazon

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

AI Score: 7.2 | EPSS: 0.0004 | 2024-04-24 10:15 PM
2
amazon

Medium: jose

Issue Overview: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967) Affected Packages: jose Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section...

AI Score: 7.1 | EPSS: 0.0004 | 2024-04-24 10:15 PM
1
amazon

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file (CVE-2024-2955) Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0004 | 2024-04-24 10:15 PM
2
amazon

Important: qt5-qtbase

Issue Overview: Potential buffer overflow issue in QXmlStreamReader. When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash. (CVE-2023-37369) Affected Packages: qt5-qtbase Note: This advisory is applicable to Amazon Linux 2 (AL2)...

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001 | 2024-04-24 10:15 PM
1
cve

CVE-2024-3491

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS: 6.4 | AI Score: 6.1 | EPSS: 0.0004 | 2024-04-23 11:15 AM
27
cve

CVE-2024-3665

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

CVSS: 6.4 | AI Score: 6.1 | EPSS: 0.0004 | 2024-04-23 10:15 AM
25
debian

[SECURITY] [DSA 5673-1] glibc security update

Debian Security Advisory DSA-5673-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 23, 2024 https://www.debian.org/security/faq Package : glibc CVE ID : CVE-2024-2961 Debian Bug :...

AI Score: 6.7 | EPSS: 0.0004 | 2024-04-23 07:10 AM
25
wpvulndb

Schema & Structured Data for WP & AMP < 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

Description The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This....

CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.0004 | 2024-04-23 12:00 AM
1
debian

[SECURITY] [DSA 5672-1] openjdk-17 security update

Debian Security Advisory DSA-5672-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq Package : openjdk-17 CVE ID : CVE-2024-21011 CVE-2024-21012...

CVSS: 3.7 | AI Score: 7.5 | EPSS: 0.001 | 2024-04-22 02:22 PM
4
debian

[SECURITY] [DSA 5671-1] openjdk-11 security update

Debian Security Advisory DSA-5671-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq Package : openjdk-11 CVE ID : CVE-2024-21011 CVE-2024-21012...

CVSS: 3.7 | AI Score: 7.6 | EPSS: 0.0004 | 2024-04-22 08:39 AM
4
debian

[SECURITY] [DSA 5670-1] thunderbird security update

Debian Security Advisory DSA-5670-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-2609 CVE-2024-3302...

AI Score: 7.5 | EPSS: 0.0004 | 2024-04-22 07:41 AM
3
debian

[SECURITY] [DSA 5669-1] guix security update

Debian Security Advisory DSA-5669-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq Package : guix CVE ID : CVE-2024-27297 It was discovered...

CVSS: 6.3 | AI Score: 6.7 | EPSS: 0.0004 | 2024-04-22 07:34 AM
2
wpvulndb

Rank Math SEO with AI SEO Tools < 1.0.217 - Contributor+ Stored Cross-Site Scripting via 'titleWrapper'

Description The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes.....

CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.0004 | 2024-04-22 12:00 AM
2
nessus

RHEL 5 : httpd and httpd22 (RHSA-2010:0011)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0011 advisory. httpd: NULL pointer deref in mod_proxy_ftp caused by crafted EPSV and PASV reply (CVE-2009-3094) httpd: mod_proxy_ftp FTP command...

AI Score: 7.8 | 2024-04-21 12:00 AM
2
debian

[SECURITY] [DSA 5668-1] chromium security update

Debian Security Advisory DSA-5668-1 security@debian.org https://www.debian.org/security/ Andres Salomon April 20, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-3832 CVE-2024-3833...

CVSS: 8.8 | AI Score: 7.7 | EPSS: 0.001 | 2024-04-20 04:43 PM
5
debian

[SECURITY] [DSA 5667-1] tomcat9 security update

Debian Security Advisory DSA-5667-1 security@debian.org https://www.debian.org/security/ Markus Koschany April 19, 2024 https://www.debian.org/security/faq Package : tomcat9 CVE ID : CVE-2023-46589 CVE-2024-23672...

AI Score: 10 | EPSS: 0.0004 | 2024-04-19 07:48 PM
4
debian

[SECURITY] [DSA 5666-1] flatpak security update

Debian Security Advisory DSA-5666-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 19, 2024 https://www.debian.org/security/faq Package : flatpak CVE ID : CVE-2024-32462 Gergo Koteles...

CVSS: 8.4 | AI Score: 6.5 | EPSS: 0.0004 | 2024-04-19 05:41 PM
9
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 205 vulnerabilities disclosed in 197...

CVSS: 9.8 | AI Score: 8.8 | EPSS: 0.125 | 2024-04-18 03:58 PM
19
wpvulndb

BWL Advanced FAQ Manager < 2.0.4 - Authenticated (Administrator+) SQL Injection

Description The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVSS: 7.6 | AI Score: 7.2 | EPSS: 0.0004 | 2024-04-18 12:00 AM
5
debian

[SECURITY] [DSA 5665-1] tomcat10 security update

Debian Security Advisory DSA-5665-1 security@debian.org https://www.debian.org/security/ Markus Koschany April 17, 2024 https://www.debian.org/security/faq Package : tomcat10 CVE ID : CVE-2023-46589 CVE-2024-23672...

AI Score: 7.4 | EPSS: 0.0004 | 2024-04-17 09:45 PM
4
debian

[SECURITY] [DSA 5664-1] jetty9 security update

Debian Security Advisory DSA-5664-1 security@debian.org https://www.debian.org/security/ Markus Koschany April 17, 2024 https://www.debian.org/security/faq Package : jetty9 CVE ID : CVE-2024-22201 Jetty 9 is a Java...

CVSS: 7.5 | AI Score: 6.4 | EPSS: 0.0004 | 2024-04-17 09:36 PM
2
github

.NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0, and .NET 8.0. This advisory also provides guidance on what developers can do to....

CVSS: 7.3 | AI Score: 7.3 | EPSS: 0.0004 | 2024-04-17 06:21 PM
9
osv

.NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0, and .NET 8.0. This advisory also provides guidance on what developers can do to....

CVSS: 7.3 | AI Score: 6.5 | EPSS: 0.0004 | 2024-04-17 06:21 PM
6
debian

[SECURITY] [DSA 5663-1] firefox-esr security update

Debian Security Advisory DSA-5663-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-2609 CVE-2024-3302...

AI Score: 7 | EPSS: 0.0004 | 2024-04-17 05:20 PM
3
wpvulndb

HT Mega < 2.4.9 - Contributor+ Stored XSS via Accordion/FAQ

Description The plugin is vulnerable to Stored Cross-Site Scripting via Accordion widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.0004 | 2024-04-17 12:00 AM
2
Total number of security vulnerabilities: 19702