OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

AZL-33503 CVE-2024-20973 affecting package mysql for versions less than 8.0.36-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

AZL-33510 CVE-2024-20963 affecting package mysql for versions less than 8.0.36-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromis...

CVE-2023-21901

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...

CVE-2024-21612 Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol OFP service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On all Junos OS Evolved platforms, when specific TCP packets are...

CVE-2024-21607 Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which...

CVE-2022-45794 Omron CJ-series and CS-series unauthenticated filesystem access.

An attacker with network access to the affected PLC CJ-series and CS-series PLCs, all versions may use a network protocol to read and write files on the PLC internal memory and memory card...

Code injection

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets...

Input validation

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...

Microsoft SharePoint Server Privilege Escalation Vulnerability

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator...

CVE-2023-37297

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37293

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37296

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37295 Heap-based Buffer Overflow

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37294 Heap-based Buffer Overflow

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

PT-2024-1585 · Ami · Ami Megarac Sp-X

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC SP-X affected versions not specified Description: The issue is related to a heap memory corruption vulnerability in the BMC of AMI MegaRAC SP-X. This vulnerability can be exploited by an attacker via an adjacent network, potential...

PT-2024-1583 · Ami · Ami Megarac Sp-X

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC SP-X affected versions not specified Description: The issue is related to a buffer overflow in the dynamic memory of the AMI MegaRAC SP-X firmware, which can be exploited by an attacker over the network. This may lead to a loss of...

SUSE SLES15 Security Update : gnutls (SUSE-SU-2023:4952-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4952-1 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...

PT-2023-31857 · Bluez +5 · Bluez +5

Name of the Vulnerable Software and Affected Versions: BlueZ affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this issue, as the...