[SECURITY] [DSA 5694-1] chromium security update
Debian Security Advisory DSA-5694-1 [email protected] https://www.debian.org/security/ Andres Salomon May 17, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4947 CVE-2024-4948...
[SECURITY] [DSA 5693-1] thunderbird security update
Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 180 vulnerabilities disclosed in 142...
8.2AI Score
0.001EPSS
[SECURITY] [DSA 5692-1] ghostscript security update
Debian Security Advisory DSA-5692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2024 https://www.debian.org/security/faq Package : ghostscript CVE ID : CVE-2023-52722 CVE-2024-29510...
[SECURITY] [DSA 5691-1] firefox-esr security update
Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...
7.4AI Score
[SECURITY] [DSA 5690-1] libreoffice security update
Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...
[SECURITY] [DSA 5689-1] chromium security update
Debian Security Advisory DSA-5689-1 [email protected] https://www.debian.org/security/ Andres Salomon May 15, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4761 A security issue...
0.045EPSS
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...
6AI Score
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to....
6.7AI Score
Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...
10AI Score
0.02EPSS
The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...
4.3CVSS
6.7AI Score
0.0005EPSS
Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)
Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...
7.7AI Score
Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about.....
7.7AI Score
Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596)
Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...
7.7AI Score
Description of the security update for Excel 2016: May 14, 2024 (KB5002587)
Description of the security update for Excel 2016: May 14, 2024 (KB5002587) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-30042. Note: To apply this...
7.6AI Score
May 14, 2024—KB5037778 (Monthly Rollup)
May 14, 2024—KB5037778 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
6.9AI Score
Description of the security update for Office Online Server: May 14, 2024 (KB5002503)
Description of the security update for Office Online Server: May 14, 2024 (KB5002503) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisory: Microsoft Excel Remote Code Execution...
7.4AI Score
[SECURITY] [DSA 5688-1] atril security update
Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq Package : atril CVE ID : CVE-2023-52076 It was discovered...
8.8CVSS
8.6AI Score
0.004EPSS
[SECURITY] [DSA 5687-1] chromium security update
Debian Security Advisory DSA-5687-1 [email protected] https://www.debian.org/security/ Andres Salomon May 10, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4671 A security issue...
0.02EPSS
CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery
The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...
4.3AI Score
0.0005EPSS
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can...
7AI Score
0.0004EPSS
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...
7.1AI Score
0.001EPSS
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clea...
7.2AI Score
0.0004EPSS
Issue Overview: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of...
8.2AI Score
0.0004EPSS
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...
5.8AI Score
0.001EPSS
Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....
7AI Score
0.0004EPSS
Issue Overview: FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy...
7.6AI Score
0.001EPSS
Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. (CVE-2024-33655) Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2...
7.3AI Score
Issue Overview: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. (CVE-2019-17596) Affected...
7.2AI Score
0.004EPSS
Issue Overview: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this...
7.3AI Score
0.001EPSS
[SECURITY] [DSA 5686-1] dav1d security update
Debian Security Advisory DSA-5686-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2024 https://www.debian.org/security/faq Package : dav1d CVE ID : CVE-2024-1580 Nick Galloway...
5.9CVSS
5.7AI Score
0.0005EPSS
[SECURITY] [DSA 5684-1] webkit2gtk security update
Debian Security Advisory DSA-5684-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 09, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2023-42843 CVE-2023-42950...
0.0004EPSS
[SECURITY] [DSA 5682-2] glib2.0 regression update
Debian Security Advisory DSA-5682-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2024 https://www.debian.org/security/faq Package : glib2.0 Debian Bug : 1070730 1070736 1070743 1070745...
[SECURITY] [DSA 5685-1] wordpress security update
Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561...
4.3CVSS
0.002EPSS
Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit...
7.3AI Score
[SECURITY] [DSA 5683-1] chromium security update
Debian Security Advisory DSA-5683-1 [email protected] https://www.debian.org/security/ Andres Salomon May 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4558 CVE-2024-4559...
0.0004EPSS
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...
6.6AI Score
0.0004EPSS
yab/quarx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization in several components including Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus...
6.5AI Score
0.001EPSS
[SECURITY] [DSA 5682-1] glib2.0 security update
Debian Security Advisory DSA-5682-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2024 https://www.debian.org/security/faq Package : glib2.0 CVE ID : CVE-2024-34397 Alicia Boya Garcia...
6.5AI Score
0.0004EPSS
Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery
Description The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to...
6.6AI Score
0.0005EPSS
[SECURITY] [DSA 5681-1] linux security update
Debian Security Advisory DSA-5681-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-6270 CVE-2023-7042...
8CVSS
7.6AI Score
0.0004EPSS
[SECURITY] [DSA 5680-1] linux security update
Debian Security Advisory DSA-5680-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2024-26605 CVE-2024-26817...
5.5CVSS
7.5AI Score
0.0004EPSS
[SECURITY] [DSA 5679-1] less security update
Debian Security Advisory DSA-5679-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : less CVE ID : CVE-2022-48624 CVE-2024-32487 Debian...
7.8AI Score
0.0004EPSS
[SECURITY] [DSA 5678-1] glibc security update
Debian Security Advisory DSA-5678-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq Package : glibc CVE ID : CVE-2024-33599 CVE-2024-33600...
7.7AI Score
0.0004EPSS
[SECURITY] [DSA 5677-1] ruby3.1 security update
Debian Security Advisory DSA-5677-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2024 https://www.debian.org/security/faq Package : ruby3.1 CVE ID : CVE-2024-27280 CVE-2024-27281...
7.7AI Score