Diary & Availability Calendar Security Vulnerabilities

K000139608: MySQL Server vulnerability CVE-2024-21087

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access....

KLA67588 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free...

KLA67434 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of...

K000139606: MySQL Server vulnerabiliity CVE-2024-21047

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to....

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX....

K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062

Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...

Rocky Linux 9 : edk2 (RLSA-2024:2264)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2264 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local...

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via...

KLA67433 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A remote code...

KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: Use after free vulnerability can be...

KLA67403 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability can be exploited remotely...

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

K000139590: MySQL Server vulnerabilities CVE-2024-20994, CVE-2024-21015, CVE-2024-21050, and CVE-2024-21057

Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...

CVE-2024-4046

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32999

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32998

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52720

Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32997

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32996

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32995

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32993

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52384

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2023-52383

Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32992

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32991

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32990

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32989

Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-32989

Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...

RHEL 7 : qt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. qt: QPluginLoader loads plugins relative to CWD which could result in arbitrary code execution ...

RHEL 6 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Heap overflow issue in URN processing (CVE-2019-12526) squid: Buffer overflow in reverse-proxy...

RHEL 7 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Information disclosure in Collapsed forwarding (CVE-2016-10003) This vulnerability allows remote...

RHEL 6 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: Bypassing the extract path name (CVE-2016-6321) GNU Tar through 1.30, when --sparse is used,...

RHEL 7 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: Bypassing the extract path name (CVE-2016-6321) GNU Tar through 1.30, when --sparse is used,...

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) libxml2:...

RHEL 6 : qemu (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Memory leak in hw/watchdog/wdt_i6300esb.c in...

RHEL 7 : imagemagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c ...