Accordion & FAQ Security Vulnerabilities

debian

[SECURITY] [DSA 5684-1] webkit2gtk security update

Debian Security Advisory DSA-5684-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 09, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2023-42843 CVE-2023-42950...

CVSS 8.8 | AI Score 7.1 | EPSS 0.001

2024-05-09 07:57 AM

debian

[SECURITY] [DSA 5682-2] glib2.0 regression update

Debian Security Advisory DSA-5682-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2024 https://www.debian.org/security/faq Package : glib2.0 Debian Bug : 1070730 1070736 1070743 1070745...

AI Score 6.8

2024-05-09 05:02 AM

debian

[SECURITY] [DSA 5685-1] wordpress security update

Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561...

CVSS 7.6 | AI Score 7.3 | EPSS 0.004

2024-05-08 10:06 PM

amazon

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit...

AI Score 7.3

2024-05-08 09:19 PM

debian

[SECURITY] [DSA 5683-1] chromium security update

Debian Security Advisory DSA-5683-1 [email protected] https://www.debian.org/security/ Andres Salomon May 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4558 CVE-2024-4559...

AI Score 7.7 | EPSS 0.0004

2024-05-08 06:03 PM

cve

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVSS 4.3 | AI Score 6.8 | EPSS 0.0004

2024-05-08 02:15 PM

nvd

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVSS 4.3 | AI Score 4.7 | EPSS 0.0004

2024-05-08 02:15 PM

cvelist

CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVSS 4.3 | AI Score 5 | EPSS 0.0004

2024-05-08 01:19 PM

veracode

Cross-Site Scripting (XSS)

yab/quarx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization in several components including Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus...

CVSS 6.1 | AI Score 6.5 | EPSS 0.001

2024-05-08 06:01 AM

debian

[SECURITY] [DSA 5682-1] glib2.0 security update

Debian Security Advisory DSA-5682-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2024 https://www.debian.org/security/faq Package : glib2.0 CVE ID : CVE-2024-34397 Alicia Boya Garcia...

AI Score 5.5 | EPSS 0.0004

2024-05-07 07:53 PM

wpvulndb

Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery

Description The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI Score 6.6 | EPSS 0.0005

2024-05-07 12:00 AM

openvas

SUSE: Security Advisory (SUSE-SU-2024:0885-1)

The remote host is missing an update for...

CVSS 5.5 | AI Score 6.7 | EPSS 0.001

2024-05-07 12:00 AM

openvas

SUSE: Security Advisory (SUSE-SU-2024:0884-1)

The remote host is missing an update for...

CVSS 5.5 | AI Score 8 | EPSS 0.001

2024-05-07 12:00 AM

debian

[SECURITY] [DSA 5681-1] linux security update

Debian Security Advisory DSA-5681-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-6270 CVE-2023-7042...

CVSS 8 | AI Score 7.3 | EPSS 0.0005

2024-05-06 06:31 PM

debian

[SECURITY] [DSA 5680-1] linux security update

Debian Security Advisory DSA-5680-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2024-26605 CVE-2024-26817...

CVSS 7.8 | AI Score 7 | EPSS 0.0004

2024-05-06 05:40 PM

debian

[SECURITY] [DSA 5679-1] less security update

Debian Security Advisory DSA-5679-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : less CVE ID : CVE-2022-48624 CVE-2024-32487 Debian...

AI Score 7.2 | EPSS 0.0004

2024-05-03 09:12 PM

debian

[SECURITY] [DSA 5678-1] glibc security update

Debian Security Advisory DSA-5678-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : glibc CVE ID : CVE-2024-33599 CVE-2024-33600...

AI Score 6.9 | EPSS 0.0004

2024-05-03 07:53 PM

debian

[SECURITY] [DSA 5677-1] ruby3.1 security update

Debian Security Advisory DSA-5677-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2024 https://www.debian.org/security/faq Package : ruby3.1 CVE ID : CVE-2024-27280 CVE-2024-27281...

AI Score 6.8

2024-05-03 07:47 PM

thn

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the...

AI Score 7

2024-05-03 09:37 AM

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

AI Score 9.1

2024-05-02 02:49 PM

debian

[SECURITY] [DSA 5676-1] chromium security update

Debian Security Advisory DSA-5676-1 [email protected] https://www.debian.org/security/ Andres Salomon May 02, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4331 CVE-2024-4368...

AI Score 6.7 | EPSS 0.0004

2024-05-02 07:39 AM

nessus

IBM MQ DoS (7123139)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123139 advisory. IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering...

CVSS 7.5 | AI Score 6.8 | EPSS 0.0004

2024-05-01 12:00 AM

nvd

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 3.5 | AI Score 3.6 | EPSS 0.0004

2024-04-30 01:15 AM

cve

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 3.5 | AI Score 6 | EPSS 0.0004

2024-04-30 01:15 AM

cvelist

CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 3.5 | AI Score 4 | EPSS 0.0004

2024-04-30 01:00 AM

nessus

IBM MQ 9.3 <= 9.3.5.1 (7149581)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149581 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that...

CVSS 7.4 | AI Score 6.3 | EPSS 0.001

2024-04-30 12:00 AM

nessus

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 / 9.3 <= 9.3.5.1 (7149586)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149586 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported...

CVSS 7.5 | AI Score 6.4 | EPSS 0.001

2024-04-30 12:00 AM

nessus

IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7123135)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123135 advisory. Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function....

CVSS 7.3 | AI Score 6.5 | EPSS 0.001

2024-04-27 12:00 AM

debian

[SECURITY] [DSA 5675-1] chromium security update

Debian Security Advisory DSA-5675-1 [email protected] https://www.debian.org/security/ Andres Salomon April 26, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4058 CVE-2024-4059...

CVSS 8.8 | AI Score 6.7 | EPSS 0.001

2024-04-26 04:15 PM

nessus

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7149582)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149582 advisory. IBM MQ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary...

CVSS 7.5 | AI Score 7.8 | EPSS 0.0004

2024-04-26 12:00 AM

nessus

IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 DoS (7149583)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149583 advisory. IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. (CVE-2024-25015) ...

CVSS 7.5 | AI Score 7.4 | EPSS 0.0004

2024-04-26 12:00 AM

debian

[SECURITY] [DSA 5674-1] pdns-recursor security update

Debian Security Advisory DSA-5674-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 25, 2024 https://www.debian.org/security/faq Package : pdns-recursor CVE ID : CVE-2024-25583 It was...

CVSS 7.5 | AI Score 5.8 | EPSS 0.0004

2024-04-25 07:28 PM

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

AI Score 9.9

2024-04-25 03:56 PM

amazon

Important: glibc

Issue Overview: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable....

AI Score 7.6 | EPSS 0.0005

2024-04-24 10:15 PM

amazon

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are....

CVSS 5.8 | AI Score 6.9 | EPSS 0.01

2024-04-24 10:15 PM

amazon

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage...

CVSS 5.3 | AI Score 7.1 | EPSS 0.0004

2024-04-24 10:15 PM

amazon

Medium: kernel

Issue Overview: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race...

CVSS 5.5 | AI Score 7.6 | EPSS 0.0004

2024-04-24 10:15 PM

amazon

Important: bind

Issue Overview: Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol...

CVSS 7.5 | AI Score 7.4 | EPSS 0.05

2024-04-24 10:15 PM

amazon

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol....

AI Score 7.3 | EPSS 0.0004

2024-04-24 10:15 PM

amazon

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by....

CVSS 6.5 | AI Score 6.9 | EPSS 0.001

2024-04-24 10:15 PM

amazon

Low: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

CVSS 3.7 | AI Score 6 | EPSS 0.001

2024-04-24 10:15 PM

amazon

Low: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

CVSS 3.7 | AI Score 6 | EPSS 0.001

2024-04-24 10:15 PM

amazon

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

AI Score 7.2 | EPSS 0.0004

2024-04-24 10:15 PM

amazon

Important: mod_http2

Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. (CVE-2024-27316) Affected Packages: mod_http2 Note: This advisory is...

CVSS 7.5 | AI Score 7.2 | EPSS 0.005

2024-04-24 10:15 PM

amazon

Medium: jose

Issue Overview: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967) Affected Packages: jose Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section...

AI Score 7.1 | EPSS 0.0004

2024-04-24 10:15 PM

amazon

Important: qt5-qtbase

Issue Overview: Potential buffer overflow issue in QXmlStreamReader. When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash. (CVE-2023-37369) Affected Packages: qt5-qtbase Note: This advisory is applicable to Amazon Linux 2 (AL2)...

CVSS 7.5 | AI Score 7.7 | EPSS 0.001

2024-04-24 10:15 PM

amazon

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file (CVE-2024-2955) Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0004

2024-04-24 10:15 PM

nvd

CVE-2024-3491

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | AI Score 5.7 | EPSS 0.0004

2024-04-23 11:15 AM

cve

CVE-2024-3491

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | AI Score 5.6 | EPSS 0.0004

2024-04-23 11:15 AM

cvelist

CVE-2024-3491

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | AI Score 5.8 | EPSS 0.0004

2024-04-23 11:07 AM

Total number of security vulnerabilities: 20627