Accordion & FAQ Security Vulnerabilities

[SECURITY] [DSA 5662-1] apache2 security update

Debian Security Advisory DSA-5662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2024 https://www.debian.org/security/faq Package : apache2 CVE ID : CVE-2023-31122 CVE-2023-38709...

[SECURITY] [DSA 5661-1] php8.2 security update

Debian Security Advisory DSA-5661-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 15, 2024 https://www.debian.org/security/faq Package : php8.2 CVE ID : CVE-2023-3823 CVE-2023-3824...

[SECURITY] [DSA 5660-1] php7.4 security update

Debian Security Advisory DSA-5660-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 15, 2024 https://www.debian.org/security/faq Package : php7.4 CVE ID : CVE-2023-3823 CVE-2023-3824...

CVE-2024-32136

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...

CVE-2024-32136 WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...

[SECURITY] [DSA 5659-1] trafficserver security update

Debian Security Advisory DSA-5659-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 14, 2024 https://www.debian.org/security/faq Package : trafficserver CVE ID : CVE-2024-31309 Bartek...

[SECURITY] [DSA 5658-1] linux security update

Debian Security Advisory DSA-5658-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-2176 CVE-2023-6270...

[SECURITY] [DSA 5657-1] xorg-server security update

Debian Security Advisory DSA-5657-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2024 https://www.debian.org/security/faq Package : xorg-server CVE ID : CVE-2024-31080 CVE-2024-31081...

[SECURITY] [DSA 5656-1] chromium security update

Debian Security Advisory DSA-5656-1 [email protected] https://www.debian.org/security/ Andres Salomon April 11, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-3157 CVE-2024-3515...

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956) A logic issue was addressed with improved validation. This issue is fixed....

Important: glib2

Issue Overview: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in.....

Medium: flatpak

Issue Overview: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case....

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Important: tomcat

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

Medium: krb5

Issue Overview: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. (CVE-2024-26461) Affected Packages: krb5 Note: This advisory is...

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...

Important: tigervnc

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg-&gt;dmin in forward_search_range() could resu...

Real-time File Access Monitoring (FAM) with Qualys FIM

What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance...

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147....

CVE-2024-2845

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...

CVE-2024-2845

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...

Description of the security update for SharePoint Server 2019: April 9, 2024 (KB5002580)

Description of the security update for SharePoint Server 2019: April 9, 2024 (KB5002580) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251. **Notes:...

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040)

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040) Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2.....

April 9, 2024-Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037128)

April 9, 2024-Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037128) Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.6.2 REMINDER Windows Embedded 7 Standard and...

Description of the security update for Microsoft OLE DB Driver 18 for SQL Server: April 9, 2024

Description of the security update for Microsoft OLE DB Driver 18 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28906 - Microsoft OLE DB Driver for...

Description of the security update for SharePoint Server Subscription Edition: April 9, 2024 (KB5002581)

Description of the security update for SharePoint Server Subscription Edition: April 9, 2024 (KB5002581) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

April 9, 2024-KB5037035 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2

April 9, 2024-KB5037035 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2....

Description of the security update for Microsoft ODBC Driver 17 for SQL Server: April 9, 2024

Description of the security update for Microsoft ODBC Driver 17 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...

KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024

KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update resolves a vulnerability. To learn more about the...

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5037039)

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5037039) Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037038)

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037038) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET...

April 9, 2024-Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037041)

April 9, 2024-Security and Quality Rollup for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5037041) Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.6.2 REMINDER Windows Embedded 7 Standard...

April 9, 2024-KB5036620 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2

April 9, 2024-KB5036620 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Release Date: April 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The April 9, 2024 update for Windows 11, version 22H2 and Windows 11, version 23H2 includes...

April 9, 2024-KB5037036 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2

April 9, 2024-KB5037036 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2....

April 9, 2024—KB5036969 (Monthly Rollup)

April 9, 2024—KB5036969 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....

KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024

KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...

KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024

KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...

April 9, 2024-KB5037037 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2

April 9, 2024-KB5037037 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 11, version...

Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583)

Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251......

KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024

KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update contains a fix and resolves vulnerabilities. To learn more...

April 9, 2024-KB5036609 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

April 9, 2024-KB5036609 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: April 9, 2024 Version: .NET Framework 4.8 The April 9, 2024 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...

Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024

Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28906 - Microsoft OLE DB Driver for...

April 9, 2024-KB5037034 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

April 9, 2024-KB5037034 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...

Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024

Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...

April 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037127)

April 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037127) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2....

April 9, 2024-KB5037033 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022

April 9, 2024-KB5037033 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. **...

April 9, 2024-KB5037087 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2

April 9, 2024-KB5037087 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Azure Stack HCI,...