Diary & Availability Calendar Security Vulnerabilities

RHEL 8 : booth (RHSA-2024:3657)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3657 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

RHEL 9 : booth (RHSA-2024:3660)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3660 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

RHEL 9 : booth (RHSA-2024:3661)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3661 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

Oracle Linux 8 : kernel (ELSA-2024-3618)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an authenticated user accessing sensitive information [CVE-2024-31893 CVE-2024-31894 CVE-2024-31895]

Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...

CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry

Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release > v0.273.0 and <= v0.297.0 CF Deployment > v30.9.0 and <= v40.13.0 Description Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker ca...

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...

CVE-2024-30528 WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An...

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2023-22112 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high...

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

BIT-hubble-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....

CVE-2024-4180

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

CVE-2024-4180

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

CVE-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through...

CVE-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through...

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through...

CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through...

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through...

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.....

Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to IBM Java

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a...

RHEL 9 : binutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (CVE-2021-45078) In GNU Binutils...

RHEL 6 : mysql55-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016) (CVE-2016-3471) mysql:...

RHEL 5 : mysql55-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) ...

RHEL 6 : mariadb-galera (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability related to Server:DML (CPU October 2015) (CVE-2015-4879) mysql:...

KLA68438 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

RHEL 8 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...

RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) (CVE-2013-0433) Oracle JDK 7:...

RHEL 7 : icu (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) (CVE-2015-4844) icu: Double free in...

RHEL 8 : 8.2_libtpms (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtpms: out-of-bounds access via specially crafted TPM 2 command packets (CVE-2021-3746) A stack...

RHEL 8 : fwupdate (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Use-after-free in rmmod command (CVE-2020-25632) grub2: Out-of-bounds write in...

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

CVE-2024-1298

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

Moodle broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

Moodle broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

CVE-2024-33996 moodle: broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...