April 9, 2024-KB5036620 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Release Date: April 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The April 9, 2024 update for Windows 11, version 22H2 and Windows 11, version 23H2 includes...
8.2AI Score
0.0004EPSS
April 9, 2024—KB5036969 (Monthly Rollup)
April 9, 2024—KB5036969 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....
8.1AI Score
0.001EPSS
April 9, 2024-KB5037037 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 11, version...
8.2AI Score
0.0004EPSS
KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024
KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...
7.7AI Score
0.001EPSS
Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024
Description of the security update for Microsoft ODBC Driver 18 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28929 - Microsoft ODBC Driver for SQL...
8.1AI Score
0.001EPSS
April 9, 2024-KB5036609 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: April 9, 2024 Version: .NET Framework 4.8 The April 9, 2024 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...
8.2AI Score
0.0004EPSS
Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024
Description of the security update for Microsoft OLE DB Driver 19 for SQL Server: April 9, 2024 Summary This security update contains a fix and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories: CVE-2024-28906 - Microsoft OLE DB Driver for...
8.1AI Score
0.001EPSS
Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583)
Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251......
7AI Score
0.001EPSS
April 9, 2024-KB5037034 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...
8.2AI Score
0.0004EPSS
KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024
KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update contains a fix and resolves vulnerabilities. To learn more...
7.7AI Score
0.001EPSS
KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024
KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...
7.5AI Score
0.001EPSS
April 9, 2024-KB5037033 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. **...
8.2AI Score
0.0004EPSS
April 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037127) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2....
8AI Score
0.0004EPSS
April 9, 2024-KB5037087 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Azure Stack HCI,...
8.2AI Score
0.0004EPSS
April 9, 2024-KB5036617 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: April 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The April 9, 2024 update for Microsoft server operating system, version 23H2 includes security and...
8.2AI Score
0.0004EPSS
[SECURITY] [DSA 5655-1] cockpit security update
Debian Security Advisory DSA-5655-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 04, 2024 https://www.debian.org/security/faq Package : cockpit CVE ID : CVE-2024-2947 It was discovered...
7.3CVSS
7.2AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
0.0004EPSS
[SECURITY] [DSA 5654-1] chromium security update
Debian Security Advisory DSA-5654-1 [email protected] https://www.debian.org/security/ Andres Salomon April 03, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-3156 CVE-2024-3158...
8.8CVSS
7.7AI Score
0.001EPSS
[SECURITY] [DSA 5653-1] gtkwave security update
Debian Security Advisory DSA-5653-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2024 https://www.debian.org/security/faq Package : gtkwave CVE ID : CVE-2023-32650 CVE-2023-34087...
7.8CVSS
7.8AI Score
0.001EPSS
[SECURITY] [DSA 5652-1] py7zr security update
Debian Security Advisory DSA-5652-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2024 https://www.debian.org/security/faq Package : py7zr CVE ID : CVE-2022-44900 A directory...
9.1CVSS
6.4AI Score
0.008EPSS
Microsoft Windows 8 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)
The XZ Utils of the Tukaani Project have been backdoored by an unknown threat actor in February and March...
9.8AI Score
0.133EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS. This issue affects SpiderFAQ: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
[SECURITY] [DSA 5651-1] mediawiki security update
Debian Security Advisory DSA-5651-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2024 https://www.debian.org/security/faq Package : mediawiki CVE ID : not yet available Two security...
6.4AI Score
[SECURITY] [DSA 5650-1] util-linux security update
Debian Security Advisory DSA-5650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 31, 2024 https://www.debian.org/security/faq Package : util-linux CVE ID : CVE-2024-28085 Debian Bug ...
6.7AI Score
0.0005EPSS
[SECURITY] [DSA 5649-1] xz-utils security update
Debian Security Advisory DSA-5649-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 29, 2024 https://www.debian.org/security/faq Package : xz-utils CVE ID : CVE-2024-3094 Andres Freund...
10CVSS
6.7AI Score
0.133EPSS
[SECURITY] [DSA 5648-1] chromium security update
Debian Security Advisory DSA-5648-1 [email protected] https://www.debian.org/security/ Andres Salomon March 28, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-2625 CVE-2024-2626...
8.8CVSS
7.3AI Score
0.001EPSS
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ...
5.7AI Score
0.0004EPSS
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2...
7.2CVSS
7.3AI Score
0.0004EPSS
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ...
5.4AI Score
0.0004EPSS
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details, see...
7.6AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. Notes Author| Note ---|--- jdstrand |...
8.5AI Score
0.001EPSS
Issue Overview: AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9...
8.6AI Score
0.0004EPSS
Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...
7.4AI Score
0.034EPSS
Issue Overview: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a....
7.4AI Score
0.003EPSS
Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...
7.2AI Score
0.001EPSS
Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a...
6.8AI Score
0.0004EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in...
6.8AI Score
0.0004EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in...
3.8CVSS
7.1AI Score
0.0004EPSS
CVE-2024-29196 phpMyFAQ Path Traversal in Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in...
6.4AI Score
0.0004EPSS
Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur | It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking...
7.2AI Score
Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur | It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking...
7.2AI Score
6.9AI Score
0.0004EPSS
Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur | It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking...
7.2AI Score
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS...
4.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS...
6.1AI Score
0.0004EPSS
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Summary By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. PoC Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following...
6.7AI Score
0.0004EPSS
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Summary By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. PoC Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following...
6.5AI Score
0.0004EPSS
phpMyFAQ SQL injections at insertentry & saveentry
Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over...
9.4AI Score
0.0004EPSS
phpMyFAQ SQL injections at insertentry & saveentry
Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over...
9.1AI Score
0.0004EPSS