[SECURITY] [DSA 5662-1] apache2 security update
Debian Security Advisory DSA-5662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2024 https://www.debian.org/security/faq Package : apache2 CVE ID : CVE-2023-31122 CVE-2023-38709...
7.5CVSS
7.5AI Score
0.001EPSS
[SECURITY] [DSA 5661-1] php8.2 security update
Debian Security Advisory DSA-5661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 15, 2024 https://www.debian.org/security/faq Package : php8.2 CVE ID : CVE-2023-3823 CVE-2023-3824...
9.8CVSS
6.8AI Score
0.0004EPSS
[SECURITY] [DSA 5660-1] php7.4 security update
Debian Security Advisory DSA-5660-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 15, 2024 https://www.debian.org/security/faq Package : php7.4 CVE ID : CVE-2023-3823 CVE-2023-3824...
9.8CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...
7.6CVSS
8.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...
7.3AI Score
0.0004EPSS
[SECURITY] [DSA 5659-1] trafficserver security update
Debian Security Advisory DSA-5659-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 14, 2024 https://www.debian.org/security/faq Package : trafficserver CVE ID : CVE-2024-31309 Bartek...
6.6AI Score
0.0004EPSS
[SECURITY] [DSA 5658-1] linux security update
Debian Security Advisory DSA-5658-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-2176 CVE-2023-6270...
8CVSS
7.5AI Score
0.0004EPSS
[SECURITY] [DSA 5657-1] xorg-server security update
Debian Security Advisory DSA-5657-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2024 https://www.debian.org/security/faq Package : xorg-server CVE ID : CVE-2024-31080 CVE-2024-31081...
7.3CVSS
7.8AI Score
0.0004EPSS
[SECURITY] [DSA 5656-1] chromium security update
Debian Security Advisory DSA-5656-1 [email protected] https://www.debian.org/security/ Andres Salomon April 11, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-3157 CVE-2024-3515...
7.4AI Score
0.0004EPSS
Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956) A logic issue was addressed with improved validation. This issue is fixed....
6.2AI Score
0.001EPSS
Issue Overview: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in.....
7.3AI Score
0.001EPSS
Issue Overview: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case....
7AI Score
0.002EPSS
Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...
7.3AI Score
0.0005EPSS
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
7.3AI Score
0.0004EPSS
Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
7.3AI Score
0.034EPSS
Issue Overview: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. (CVE-2024-26461) Affected Packages: krb5 Note: This advisory is...
7.2AI Score
0.0004EPSS
Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...
7.1AI Score
0.0005EPSS
Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...
7.1AI Score
0.0005EPSS
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
7.1AI Score
0.0005EPSS
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could resu...
9.7AI Score
0.003EPSS
Real-time File Access Monitoring (FAM) with Qualys FIM
What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance...
7AI Score
April’s Patch Tuesday Brings Record Number of Fixes
If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147....
8.8CVSS
8AI Score
0.004EPSS
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...
5.5AI Score
0.0004EPSS
Description of the security update for SharePoint Server 2019: April 9, 2024 (KB5002580)
Description of the security update for SharePoint Server 2019: April 9, 2024 (KB5002580) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251. **Notes:...
6.8AI Score
0.001EPSS
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040) Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2.....
8.1AI Score
0.0004EPSS
April 9, 2024-Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037128) Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.6.2 REMINDER Windows Embedded 7 Standard and...
8AI Score
0.0004EPSS
Description of the security update for Microsoft OLE DB Driver 18 for SQL Server: April 9, 2024
Description of the security update for Microsoft OLE DB Driver 18 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28906 - Microsoft OLE DB Driver for...
8.1AI Score
0.001EPSS
Description of the security update for SharePoint Server Subscription Edition: April 9, 2024 (KB5002581) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
6.9AI Score
0.001EPSS
April 9, 2024-KB5037035 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2....
8.2AI Score
0.0004EPSS
Description of the security update for Microsoft ODBC Driver 17 for SQL Server: April 9, 2024
Description of the security update for Microsoft ODBC Driver 17 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...
8.1AI Score
0.001EPSS
KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024
KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update resolves a vulnerability. To learn more about the...
7.6AI Score
0.001EPSS
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5037039) Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...
8.1AI Score
0.0004EPSS
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037038) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET...
8AI Score
0.0004EPSS
April 9, 2024-Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037041) Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.6.2 REMINDER Windows Embedded 7 Standard...
8AI Score
0.0004EPSS
April 9, 2024-KB5036620 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Release Date: April 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The April 9, 2024 update for Windows 11, version 22H2 and Windows 11, version 23H2 includes...
8.2AI Score
0.0004EPSS
April 9, 2024-KB5037036 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2....
8.2AI Score
0.0004EPSS
April 9, 2024—KB5036969 (Monthly Rollup)
April 9, 2024—KB5036969 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....
8.1AI Score
0.001EPSS
KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024
KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...
7.7AI Score
0.001EPSS
KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024
KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...
7.5AI Score
0.001EPSS
April 9, 2024-KB5037037 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 11, version...
8.2AI Score
0.0004EPSS
Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583)
Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251......
7AI Score
0.001EPSS
KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024
KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update contains a fix and resolves vulnerabilities. To learn more...
7.7AI Score
0.001EPSS
April 9, 2024-KB5036609 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: April 9, 2024 Version: .NET Framework 4.8 The April 9, 2024 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...
8.2AI Score
0.0004EPSS
Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024
Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28906 - Microsoft OLE DB Driver for...
8.1AI Score
0.001EPSS
April 9, 2024-KB5037034 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...
8.2AI Score
0.0004EPSS
Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024
Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...
8.1AI Score
0.001EPSS
April 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037127) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2....
8AI Score
0.0004EPSS
April 9, 2024-KB5037033 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. **...
8.2AI Score
0.0004EPSS
April 9, 2024-KB5037087 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Azure Stack HCI,...
8.2AI Score
0.0004EPSS