Accordion & FAQ Security Vulnerabilities

[SECURITY] [DSA 5695-1] webkit2gtk security update

Debian Security Advisory DSA-5695-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 22, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2024-27834 The following...

Debian dsa-5695 : gir1.2-javascriptcoregtk-4.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5695 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5695-1 [email protected] ...

Debian dsa-5696 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5696 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5696-1 [email protected] ...

[SECURITY] [DSA 5694-1] chromium security update

Debian Security Advisory DSA-5694-1 [email protected] https://www.debian.org/security/ Andres Salomon May 17, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4947 CVE-2024-4948...

[SECURITY] [DSA 5693-1] thunderbird security update

Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...

Debian dsa-5693 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5693-1 [email protected] ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

Debian dsa-5692 : ghostscript - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5692 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5692-1 [email protected] ...

[SECURITY] [DSA 5692-1] ghostscript security update

Debian Security Advisory DSA-5692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2024 https://www.debian.org/security/faq Package : ghostscript CVE ID : CVE-2023-52722 CVE-2024-29510...

[SECURITY] [DSA 5691-1] firefox-esr security update

Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...

[SECURITY] [DSA 5689-1] chromium security update

Debian Security Advisory DSA-5689-1 [email protected] https://www.debian.org/security/ Andres Salomon May 15, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4761 A security issue...

[SECURITY] [DSA 5690-1] libreoffice security update

Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...

Debian dsa-5691 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5691 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5691-1 [email protected] ...

Debian dsa-5690 : fonts-opensymbol - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] ...

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability

Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

CVE-2024-4082

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

CVE-2024-4082

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599)

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about.....

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596)

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

Description of the security update for Excel 2016: May 14, 2024 (KB5002587)

Description of the security update for Excel 2016: May 14, 2024 (KB5002587) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-30042. Note: To apply this...

Description of the security update for Office Online Server: May 14, 2024 (KB5002503)

Description of the security update for Office Online Server: May 14, 2024 (KB5002503) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisory:​​​​ Microsoft Excel Remote Code Execution...

May 14, 2024—KB5037778 (Monthly Rollup)

May 14, 2024—KB5037778 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Notes Author| Note ---|--- jdstrand | webkit...

[SECURITY] [DSA 5688-1] atril security update

Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq Package : atril CVE ID : CVE-2023-52076 It was discovered...

[SECURITY] [DSA 5687-1] chromium security update

Debian Security Advisory DSA-5687-1 [email protected] https://www.debian.org/security/ Andres Salomon May 10, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4671 A security issue...

CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-&gt;len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clea...

Important: python3

Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can...

Important: flatpak

Issue Overview: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of...

Medium: freerdp

Issue Overview: 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based...

Medium: edk2

Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. (CVE-2024-33655) Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2...

Important: golang

Issue Overview: 2024-05-23: CVE-2019-16276 was added to this advisory. It was discovered that net/http (through net/textproto) in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests...

Important: ghostscript

Issue Overview: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this...

[SECURITY] [DSA 5686-1] dav1d security update

Debian Security Advisory DSA-5686-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2024 https://www.debian.org/security/faq Package : dav1d CVE ID : CVE-2024-1580 Nick Galloway...

[SECURITY] [DSA 5684-1] webkit2gtk security update

Debian Security Advisory DSA-5684-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 09, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2023-42843 CVE-2023-42950...

[SECURITY] [DSA 5682-2] glib2.0 regression update

Debian Security Advisory DSA-5682-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2024 https://www.debian.org/security/faq Package : glib2.0 Debian Bug : 1070730 1070736 1070743 1070745...

[SECURITY] [DSA 5685-1] wordpress security update

Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561...

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit...

[SECURITY] [DSA 5683-1] chromium security update

Debian Security Advisory DSA-5683-1 [email protected] https://www.debian.org/security/ Andres Salomon May 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4558 CVE-2024-4559...

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...