Oracle Patch Update, April 2024 Security Update Review
Oracle released its second quarterly edition of Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including...
9.8CVSS
10AI Score
0.023EPSS
e-mitsuwa.com Cross Site Scripting vulnerability OBB-3918605
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Exploit for Deserialization of Untrusted Data in Apache Kafka Connect
Apache Druid CVE-2023-25194 CVE-2023-25194 is a...
8.8CVSS
7.2AI Score
0.97EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
Apache ActiveMQ CVE-2023-46604 CVE-2023-46604 is a widely...
10CVSS
7.6AI Score
0.931EPSS
Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide. According to the PCI SSC website,...
7.3AI Score
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.5CVSS
5.3AI Score
0.0004EPSS
CVE-2024-26902 perf: RISCV: Fix panic on pmu overflow handler
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.6AI Score
0.0004EPSS
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
Title: Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Advisory ID: ZSL-2024-5822 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary Wayber II is the name of an analogue/digital microwave link able to...
7.7AI Score
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Advisory ID: ZSL-2024-5821 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the high-end...
7.4AI Score
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Title: Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Advisory ID: ZSL-2024-5816 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary Cleber offers a powerful, flexible and modular hardware...
7.6AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...
7.3AI Score
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config
Title: Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Advisory ID: ZSL-2024-5817 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary Cleber offers a powerful, flexible and modular hardware and...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.5CVSS
5.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : emacs (SUSE-SU-2024:1317-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1317-1 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is...
6.6AI Score
0.0005EPSS
openSUSE: Security Advisory for emacs (SUSE-SU-2024:1294-1)
The remote host is missing an update for...
6.5AI Score
0.0005EPSS
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass
Title: Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Advisory ID: ZSL-2024-5818 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The REBLE610 features an accurate hardware design, absence...
7.7AI Score
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config
Title: Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Advisory ID: ZSL-2024-5819 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The REBLE610 features an accurate hardware design, absence of...
7.4AI Score
Welcart e-Commerce < 2.10.0 - Missing Authorization
Description The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the usces_item_duplicate() function in versions up to, and including, 2.9.14. This makes it possible for authenticated attackers, with author-level access and above, to....
5.4CVSS
6.2AI Score
0.0004EPSS
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass
Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Advisory ID: ZSL-2024-5820 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the...
7.7AI Score
Elber Wayber Analog/Digital Audio STL 4.00 Device Config
Title: Elber Wayber Analog/Digital Audio STL 4.00 Device Config Advisory ID: ZSL-2024-5823 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary Wayber II is the name of an analogue/digital microwave link able to...
7.3AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...
7.7AI Score
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password...
6.9AI Score
0.0004EPSS
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password...
7.2AI Score
0.0004EPSS
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
6.5CVSS
6.3AI Score
0.0005EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...
4.3CVSS
5.3AI Score
0.0005EPSS
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
6.5CVSS
6.5AI Score
0.0005EPSS
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production...
7.5CVSS
7.5AI Score
0.0004EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...
4.3CVSS
4AI Score
0.0005EPSS
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production...
7.5CVSS
7.2AI Score
0.0004EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications.....
6.5CVSS
6.4AI Score
0.0005EPSS
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications.....
6.5CVSS
7.1AI Score
0.0005EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner.....
4.7CVSS
4.4AI Score
0.0005EPSS
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner.....
4.7CVSS
6.3AI Score
0.0005EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. ...
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. ...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. ...
7.5CVSS
7.5AI Score
0.0004EPSS
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. .....
6.1CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. .....
6.1CVSS
6AI Score
0.0005EPSS
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. ...
7.5CVSS
7.3AI Score
0.001EPSS