5573 matches found
CLSA-2024-1735130624 php: Fix of CVE-2024-8929
CVE-2024-8929: Fix leak partial content of the heap through heap buffer over-read issue...
DEBIAN-CVE-2024-53148
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case. If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The...
UBUNTU-CVE-2024-53148
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case. If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The...
K000149027: Java vulnerability CVE-2024-21208
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM fo...
The vulnerability of the Ruijie Reyee OS, related to deficiencies in data storage, allows a perpetrator to match the device serial number with the user’s phone number and a portion of the email address.
The vulnerability of the Ruijie Reyee OS is related to deficiencies in the storage of service data. Exploiting this vulnerability allows a malicious actor to match the device serial number with the user’s phone number and part of the email address...
CVE-2024-8326 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for...
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:4306-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4306-1 advisory. Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed...
PT-2024-16046 · WordPress · Vayu Blocks
Name of the Vulnerable Software and Affected Versions: Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress versions up to, and including, 1.1.1. Description: The issue arises from a missing capability check on the tp_install function, allowing unauthenticated attackers ...
Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities
Summary: IBM Data Product Hub has dependencies on IBM WebSphere Application Server Liberty, IBM Semeru Runtime, and Node.js elliptic & path-to-regexp modules, which are vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details...
php: host/secure cookie bypass due to partial CVE-2022-31629 fix
An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...
kernel: iommu: Restore lost return in iommu_report_device_fault()
In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault(). When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return was accidentally deleted which...
JDK: Unbounded allocation leads to out-of-memory error (8331446)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...
JDK: HTTP client improper handling of maxHeaderSize (8328286)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...
Security update for nodejs20
This update for nodejs20 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856. Other fixes: - Updated to 20.18.1: Experimental Network Inspection Support in Node.js; Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext; New...
Sensitive Information Exposure
Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...
Oracle Siebel Server (July 2024 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Repository Utilities zlib. Supported versions that are affected...
Oracle Siebel Server 8.5.1.x <= 8.5.1.7 / 8.6.0 / 8.6.1 (April 2019 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2019 CPU advisory. - Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM subcomponent: Information Manager Console Apache Xalan. Supported versions...
Oracle Siebel Server (April 2019 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2019 CPU advisory. - Vulnerability in the Siebel Core - Server BizLogic Script component of Oracle Siebel CRM subcomponent: Integration - Scripting. The supported version that...
Oracle Siebel CRM 8.1.1.x < 8.1.1.11 / 8.2.2.x < 8.2.2.4 (October 2013 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2013 CPU advisory. - Vulnerability in the Siebel Core - Server Infrastructure component of Oracle Siebel CRM subcomponent: SISNAPI & Network Infrastructu. Supported...