357 matches found
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-671)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-671 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java...
[SECURITY] [DLA 3854-1] tryton-client security update
Debian LTS Advisory DLA-3854-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS Package : tryton-client Version : 5.0.5-1+deb10u1 CVE ID : not yet available Cédric Krier has found that trytond, the Tryton application server...
EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2024-1547)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
CVE-2024-1132
Keycloak path traversal vulnerability (CVE-2024-1132) arises from improper validation of redirect URLs, enabling an attacker to bypass validation and access other URLs within the domain when a client uses wildcard Valid Redirect URIs. The issue requires user interaction and affects clients with w...
discordrb OS Command Injection vulnerability
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
The vulnerability of the centralized endpoint security management tools—WithSecure Client Security, WithSecure Server Security, WithSecure Email and Server Security, WithSecure Elements Endpoint Protection, WithSecure Linux Security, WithSecure Linux Protection, WithSecure Atlant—is related to insufficient validation of input data. This allows attackers to trigger a Denial-of-Service attack.
The vulnerability of the centralized endpoint security management tools—WithSecure Client Security, WithSecure Server Security, WithSecure Email and Server Security, WithSecure Elements Endpoint Protection, WithSecure Linux Security, WithSecure Linux Protection, and WithSecure Atlant—is related t...
CVE-2024-27359
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protectio...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products, which stems from the fact that the engine scanning program may enter an infinite loop when processing archived files, resulting in a denial of service. T...
CVE-2024-27359
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protectio...
PT-2024-1945 · Withsecure · Withsecure Server Security +7
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
PT-2024-14036 · Td Bank · Td Advanced Dashboard Client
Name of the Vulnerable Software and Affected Versions: TD Bank TD Advanced Dashboard client through 3.0.3 for macOS Description: The issue allows arbitrary code execution due to the lack of electron::fuses::IsRunAsNodeEnabled, which means ELECTRON RUN AS NODE can be used in production. This makes...
CVE-2024-23764
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later...
CVE-2024-23764
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later...
WithSecure products Security breaches
WithSecure products are a range of security software from the Finnish company WithSecure. A security vulnerability exists in some WithSecure products. An attacker can exploit the vulnerability to escalate privileges. The following products and versions are affected: WithSecure Client Security...
CVE-2024-23764
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later...
CVE-2024-23764
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later...
PT-2024-20067 · Withsecure · Withsecure Elements Endpoint Protection +3
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security versions 15 and later WithSecure Server Security versions 15 and later WithSecure Email and Server Security versions 15 and later WithSecure Elements Endpoint Protection versions 17 and later Description: Certain...
GHSA-JW42-5M4V-9C8G Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-68w7-72jg-6qpp. This link is maintained to preserve external references. Original Description NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...
CVE-2023-42801
CVE-2023-42801 affects Moonlight-common-c, the core GameStream client code. The vulnerability is a stack-based buffer overflow in the library that begins after pairing, exploitable by sending a malicious game streaming server to a Moonlight client. Exploitation could crash the client and, in theo...
CVE-2023-49321
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...