Accordion & FAQ Security Vulnerabilities

debian

[SECURITY] [DSA 5695-1] webkit2gtk security update

Debian Security Advisory DSA-5695-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 22, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2024-27834 The following...

7.1AI Score

0.0004EPSS

2024-05-22 09:15 AM
3
nessus

Debian dsa-5695 : gir1.2-javascriptcoregtk-4.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5695 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5695-1 [email protected] ...

6.4AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
nessus

Debian dsa-5696 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5696 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5696-1 [email protected] ...

7.4AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
debian

[SECURITY] [DSA 5694-1] chromium security update

Debian Security Advisory DSA-5694-1 [email protected] https://www.debian.org/security/ Andres Salomon May 17, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4947 CVE-2024-4948...

8.8CVSS

6.9AI Score

0.002EPSS

2024-05-17 06:06 PM
1
debian

[SECURITY] [DSA 5693-1] thunderbird security update

Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...

7.1AI Score

0.0004EPSS

2024-05-17 05:04 PM
1
nessus

Debian dsa-5693 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5693-1 [email protected] ...

8.8AI Score

0.0004EPSS

2024-05-17 12:00 AM
3
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
24
nessus

Debian dsa-5692 : ghostscript - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5692 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5692-1 [email protected] ...

7.6AI Score

EPSS

2024-05-16 12:00 AM
3
debian

[SECURITY] [DSA 5692-1] ghostscript security update

Debian Security Advisory DSA-5692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2024 https://www.debian.org/security/faq Package : ghostscript CVE ID : CVE-2023-52722 CVE-2024-29510...

8.2AI Score

EPSS

2024-05-15 08:07 PM
5
debian

[SECURITY] [DSA 5691-1] firefox-esr security update

Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...

7.4AI Score

0.0004EPSS

2024-05-15 05:48 PM
6
debian

[SECURITY] [DSA 5689-1] chromium security update

Debian Security Advisory DSA-5689-1 [email protected] https://www.debian.org/security/ Andres Salomon May 15, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4761 A security issue...

8.8CVSS

6.9AI Score

0.003EPSS

2024-05-15 05:48 PM
debian

[SECURITY] [DSA 5690-1] libreoffice security update

Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...

6.6AI Score

0.0004EPSS

2024-05-15 05:47 PM
3
nessus

Debian dsa-5691 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5691 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5691-1 [email protected] ...

7.5AI Score

0.0004EPSS

2024-05-15 12:00 AM
3
nessus

Debian dsa-5690 : fonts-opensymbol - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] ...

6AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
github

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

5.9CVSS

6AI Score

0.0004EPSS

2024-05-14 08:31 PM
9
osv

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

5.9CVSS

6AI Score

0.0004EPSS

2024-05-14 08:31 PM
8
osv

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

6.3CVSS

6.7AI Score

0.0005EPSS

2024-05-14 08:30 PM
6
github

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

6.3CVSS

6.7AI Score

0.0005EPSS

2024-05-14 08:30 PM
6
rapid7blog

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

9.6CVSS

10AI Score

0.008EPSS

2024-05-14 08:25 PM
24
nvd

CVE-2024-4082

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-14 03:42 PM
cve

CVE-2024-4082

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

4.3CVSS

5.2AI Score

0.0005EPSS

2024-05-14 03:42 PM
1
mskb

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

7.2CVSS

7.7AI Score

0.001EPSS

2024-05-14 07:00 AM
16
mskb

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599)

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about.....

7.2CVSS

7.7AI Score

0.001EPSS

2024-05-14 07:00 AM
10
mskb

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596)

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

7.2CVSS

7.7AI Score

0.001EPSS

2024-05-14 07:00 AM
37
mskb

Description of the security update for Excel 2016: May 14, 2024 (KB5002587)

Description of the security update for Excel 2016: May 14, 2024 (KB5002587) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-30042. Note: To apply this...

7.8CVSS

7.6AI Score

0.001EPSS

2024-05-14 07:00 AM
4
mskb

Description of the security update for Office Online Server: May 14, 2024 (KB5002503)

Description of the security update for Office Online Server: May 14, 2024 (KB5002503) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisory: Microsoft Excel Remote Code Execution...

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-14 07:00 AM
24
mskb

May 14, 2024—KB5037778 (Monthly Rollup)

May 14, 2024—KB5037778 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

8.8CVSS

6.9AI Score

0.001EPSS

2024-05-14 07:00 AM
18
ubuntucve

CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Notes Author| Note ---|--- jdstrand | webkit...

5.6AI Score

0.0004EPSS

2024-05-14 12:00 AM
4
debian

[SECURITY] [DSA 5688-1] atril security update

Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq Package : atril CVE ID : CVE-2023-52076 It was discovered...

9.6CVSS

5.9AI Score

0.005EPSS

2024-05-12 01:21 PM
5
debian

[SECURITY] [DSA 5687-1] chromium security update

Debian Security Advisory DSA-5687-1 [email protected] https://www.debian.org/security/ Andres Salomon May 10, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4671 A security issue...

9.6CVSS

7AI Score

0.001EPSS

2024-05-10 05:39 PM
1
cvelist

CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

4.3CVSS

4.9AI Score

0.0005EPSS

2024-05-09 08:03 PM
amazon

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

5.3CVSS

7.1AI Score

0.001EPSS

2024-05-09 07:16 PM
13
amazon

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

3.7CVSS

5.8AI Score

0.001EPSS

2024-05-09 07:16 PM
11
amazon

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clea...

7.2AI Score

0.0005EPSS

2024-05-09 07:16 PM
16
amazon

Important: python3

Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can...

7.8CVSS

7AI Score

0.0004EPSS

2024-05-09 07:16 PM
12
amazon

Important: flatpak

Issue Overview: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of...

8.4CVSS

8.2AI Score

0.0004EPSS

2024-05-09 07:16 PM
4
amazon

Medium: freerdp

Issue Overview: 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based...

9.8CVSS

9.3AI Score

0.001EPSS

2024-05-09 07:16 PM
5
amazon

Medium: edk2

Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....

7AI Score

0.0004EPSS

2024-05-09 07:16 PM
4
amazon

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. (CVE-2024-33655) Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2...

7.3AI Score

0.0004EPSS

2024-05-09 07:16 PM
2
amazon

Important: golang

Issue Overview: 2024-05-23: CVE-2019-16276 was added to this advisory. It was discovered that net/http (through net/textproto) in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests...

7.5CVSS

7.4AI Score

0.01EPSS

2024-05-09 07:16 PM
4
amazon

Important: ghostscript

Issue Overview: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this...

7.8CVSS

7.3AI Score

0.001EPSS

2024-05-09 07:16 PM
8
debian

[SECURITY] [DSA 5686-1] dav1d security update

Debian Security Advisory DSA-5686-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2024 https://www.debian.org/security/faq Package : dav1d CVE ID : CVE-2024-1580 Nick Galloway...

5.9CVSS

6AI Score

0.0005EPSS

2024-05-09 02:47 PM
4
debian

[SECURITY] [DSA 5684-1] webkit2gtk security update

Debian Security Advisory DSA-5684-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 09, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2023-42843 CVE-2023-42950...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-09 07:57 AM
2
debian

[SECURITY] [DSA 5682-2] glib2.0 regression update

Debian Security Advisory DSA-5682-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2024 https://www.debian.org/security/faq Package : glib2.0 Debian Bug : 1070730 1070736 1070743 1070745...

6.8AI Score

2024-05-09 05:02 AM
debian

[SECURITY] [DSA 5685-1] wordpress security update

Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561...

7.6CVSS

7.3AI Score

0.003EPSS

2024-05-08 10:06 PM
2
amazon

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit...

7.3AI Score

2024-05-08 09:19 PM
1
debian

[SECURITY] [DSA 5683-1] chromium security update

Debian Security Advisory DSA-5683-1 [email protected] https://www.debian.org/security/ Andres Salomon May 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4558 CVE-2024-4559...

7.7AI Score

0.0004EPSS

2024-05-08 06:03 PM
1
cve

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-05-08 02:15 PM
34
nvd

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-08 02:15 PM
cvelist

CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-05-08 01:19 PM
Total number of security vulnerabilities: 20670