
2214 matches found

RedHat Linux
added 2024/04/17 11:40 a.m. · 3 views

OpenJDK: integer overflow in C1 compiler address generation (8322122)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

CVSS 3.7 · AI score 7.1 · EPSS 0.00669
Exploits: 0 · References: 5

OSV
added 2024/04/16 10:15 p.m. · 7 views

CVE-2024-20954

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

CVSS 3.7 · AI score 4.9
Exploits: 0 · References: 1

RedHat Linux
added 2024/04/16 10:08 p.m. · 3 views

OpenJDK: Pack200 excessive memory allocation (8322114)

A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...

CVSS 3.7 · AI score 7.1 · EPSS 0.001
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/16 12:00 a.m. · 2 views

PT-2024-3728 · Oracle +4 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior; MySQL Server versions 8.3.0 and prior. Description: The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. This can be exploited by a...

CVSS 6.8 · AI score 5.2 · EPSS 0.00949
Exploits: 0 · References: 122

Positive Technologies
added 2024/04/16 12:00 a.m. · 5 views

PT-2024-3533

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition version 21.3.9. Description: The issue is related to errors in processing input data in the...

CVSS 4.3 · AI score 6.8 · EPSS 0.00669
Exploits: 0 · References: 367

OpenVAS
added 2024/04/15 12:00 a.m. · 32 views

PHP 8.1.11 < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-wpj3-hf5j-x4v4) - Linux

PHP is prone to a __Host-/__Secure- cookie bypass vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if...

CVSS 6.5 · AI score 7.5 · EPSS 0.08698
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/12 4:59 p.m. · 10 views

CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contains a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session...

CVSS 5.9 · AI score 6.9 · EPSS 0.00156
Exploits: 0 · References: 1

CVE
added 2024/04/12 3:25 p.m. · 88 views

CVE-2024-30391

CVE-2024-30391 describes a Missing Authentication for Critical Function in Junos OS PFE (MX Series with SPC3 and SRX Series). When IPsec uses hmac-sha-384 or hmac-sha-512, traffic exiting the tunnel is not authenticated and ingress is not expected to be authenticated, which can lead to limited im...

CVSS 6.3 · AI score 7.2 · EPSS 0.00103
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2024/04/11 12:00 a.m. · 131 views

PHP 8.3.x < 8.3.6 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.6 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard...

CVSS 9.4 · AI score 7.6 · EPSS 0.68573
Exploits: 6 · References: 6

Tenable Nessus
added 2024/04/11 12:00 a.m. · 20 views

Juniper Junos OS Vulnerability (JSA79185)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79185 advisory. - An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attack...

CVSS 6.9 · AI score 5.7 · EPSS 0.00162
Exploits: 0 · References: 2

OSV
added 2024/03/27 5:15 p.m. · 2 views

CVE-2024-20259

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...

CVSS 8.6 · AI score 5.8 · EPSS 0.00385
Exploits: 0 · References: 1

RedHat Linux
added 2024/03/25 6:14 p.m. · 6 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.2 · EPSS 0.00319
Exploits: 0 · References: 5

Positive Technologies
added 2024/03/22 12:00 a.m. · 2 views

PT-2024-19418 · Csmock · Csmock

Name of the Vulnerable Software and Affected Versions: csmock (affected versions not specified). Description: A vulnerability was found in csmock where a regular user of the OSH service, with a valid Kerberos ticket, can disclose the confidential Snyk authentication token and run arbitrary commands ...

CVSS 8.8 · AI score 6.9 · EPSS 0.00079
Exploits: 0 · References: 6

IBM Security Bulletins
added 2024/03/19 12:03 p.m. · 36 views

Security Bulletin: There are vulnerabilities in Golang related packages that are shipped with IBM CICS TX Advanced (CVE-2023-45285 and CVE-2023-39326).

Summary: There are vulnerabilities in Golang related packages that are shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-39326. DESCRIPTION: Golang Go could allow a remote attacker to obtain...

CVSS 7.5 · AI score 7 · EPSS 0.00123
Exploits: 0 · Affected Software: 1

Cvelist
added 2024/03/11 12:26 a.m. · 16 views

CVE-2024-2184

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...

CVSS 9.8 · AI score 10 · EPSS 0.00132
Exploits: 0 · References: 1

OSV
added 2024/03/06 11:03 a.m. · 42 views

BIT-PHP-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...

CVSS 6.5 · AI score 7.9 · EPSS 0.15416
Exploits: 2 · References: 15

RedHat Linux
added 2024/03/05 6:22 p.m. · 0 views

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

CVSS 4.9 · AI score 7 · EPSS 0.00133
Exploits: 0 · References: 5

Cvelist
added 2024/03/01 1:19 p.m. · 15 views

CVE-2024-24905

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data...

CVSS 7.6 · AI score 6.7 · EPSS 0.00082
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/22 12:00 a.m. · 2 views

PT-2024-15394 · B&R · B&R Automation Studio Upgrade Service +1

Name of the Vulnerable Software and Affected Versions: B&R Automation Studio Upgrade Service and B&R Technology Guarding (affected versions not specified). Description: The issue is related to insufficient cryptography used for communication to the upgrade and licensing servers. A network-based...

CVSS 8.3 · AI score 8.3 · EPSS 0.00205
Exploits: 0 · References: 6

OSV
added 2024/02/20 10:15 p.m. · 4 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging)...

CVSS 9.1 · AI score 6.9
Exploits: 0 · References: 2