
5574 matches found

Positive Technologies
added 2024/10/15 12:0 a.m. | 2 views

PT-2024-7165

Name of the Vulnerable Software and Affected Versions: MySQL Connectors versions 9.0.0 and prior. Description: The issue is related to the Connector/ODBC component of the MySQL Connectors product, which is part of the Oracle MySQL system. It is caused by inadequate authorization procedure due to...

6.5 CVSS | 7.2 AI score | 0.00547 EPSS
Exploits 1 | References 12

Tenable Nessus
added 2024/10/15 12:0 a.m. | 424 views

Azul Zulu Java Multiple Vulnerabilities (2024-10-15)

The version of Azul Zulu installed on the remote host is 6 prior to 6.67.0.12 / 7 prior to 7.73.0.14 / 8 prior to 8.81.0.12 / 11 prior to 11.75.12 / 17 prior to 17.53.12 / 21 prior to 21.37.12 / 23 prior to 23.30.14. It is, therefore, affected by multiple vulnerabilities as referenced in the...

8.8 CVSS | 6.9 AI score | 0.01375 EPSS
Exploits 3 | References 7

Tenable Nessus
added 2024/10/09 12:0 a.m. | 23 views

CentOS 7 : java-1.7.1-ibm (RHSA-2020:0468)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0468 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1 CVSS | 6.5 AI score | 0.04903 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2024/10/09 12:0 a.m. | 25 views

CentOS 6 : java-1.7.1-ibm (RHSA-2020:2236)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2236 advisory. - Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 a...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits 0 | References 9

Tenable Nessus
added 2024/10/09 12:0 a.m. | 17 views

CentOS 7 : java-1.7.1-ibm (RHSA-2021:3293)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3293 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected...

4.3 CVSS | 6.5 AI score | 0.04238 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2024/10/09 12:0 a.m. | 18 views

CentOS 7 : java-1.7.1-ibm (RHSA-2022:4957)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4957 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected ar...

5.3 CVSS | 6.1 AI score | 0.06468 EPSS
Exploits 0 | References 6

OSV
added 2024/10/05 7:10 a.m. | 95 views

BIT-MYSQL-CLIENT-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

4.9 CVSS | 5 AI score | 0.00424 EPSS
Exploits 0 | References 7

RedHat Linux
added 2024/10/03 11:25 a.m. | 2 views

intel-microcode: Race conditions in some Intel(R) Processors

A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access...

2.8 CVSS | 6.2 AI score | 0.00174 EPSS
Exploits 0 | References 6

CVE
added 2024/09/26 4:29 a.m. | 74 views

CVE-2024-7781

CVE-2024-7781 concerns Jupiter X Core for WordPress. The records show an authentication bypass in all versions up to and including 4.7.5, enabling unauthenticated attackers to log in as the first user who logged in via a social media account (potentially an admin). The vulnerability can be exploi...

9.8 CVSS | 9.1 AI score | 0.00959 EPSS
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2024/09/25 12:0 a.m. | 4 views

PT-2024-7137

Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions prior to 21.4R3-S8-EVO; Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO; Junos OS Evolved versions from 22.3 before 22.3R3-S4-EVO; Junos OS Evolved versions from 22.4 before 22.4R3-S3-EVO; Junos OS Evolved versio...

6.9 CVSS | 5.9 AI score | 0.00631 EPSS
Exploits 0 | References 13

OSV
added 2024/09/18 8:15 a.m. | 1 views

UBUNTU-CVE-2024-46781

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error. In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs...

5.5 CVSS | 6.1 AI score | 0.00241 EPSS
Exploits 0 | References 27

SUSE CVE
added 2024/09/14 2:51 a.m. | 2 views

SUSE CVE-2024-46688

In the Linux kernel, the following vulnerability has been resolved: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails. If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection as reported by syzbot [1], new pages need to be fre...

5.5 CVSS | 7 AI score | 0.002 EPSS
Exploits 0 | References 3

OSV
added 2024/09/13 6:15 a.m. | 3 views

CVE-2024-5628

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4 CVSS | 5.9 AI score | 0.00303 EPSS
Exploits 0 | References 3

OSV
added 2024/09/13 6:15 a.m. | 2 views

DEBIAN-CVE-2024-46688

In the Linux kernel, the following vulnerability has been resolved: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails. If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection as reported by syzbot [1], new pages need to be fre...

5.5 CVSS | 6.3 AI score | 0.002 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2024/09/11 12:15 p.m. | 2 views

CVE-2024-5416

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied...

5.4 CVSS | 6 AI score | 0.00372 EPSS
Exploits 0 | References 8

OSV
added 2024/09/07 12:15 p.m. | 3 views

CVE-2024-6010

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'createccorder' function, called from the Cost Calculator Builder...

5.3 CVSS | 5.7 AI score
Exploits 0 | References 4

OSV
added 2024/09/05 11:15 a.m. | 1 views

CVE-2024-5956

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly...

5.3 CVSS | 5.8 AI score | 0.00389 EPSS
Exploits 0 | References 1

NVD
added 2024/09/05 11:15 a.m. | 18 views

CVE-2024-5956

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly...

6.5 CVSS | 0.00389 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/09/05 10:42 a.m. | 10 views

CVE-2024-5956

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly...

6.5 CVSS | 7.4 AI score | 0.00389 EPSS
Exploits 0 | References 1

CVE
added 2024/09/05 10:42 a.m. | 54 views

CVE-2024-5956

The entry CVE-2024-5956 affects Trellix IPS Manager. PT-2024-37269 identifies Trellix IPS Manager version 11.1.7.97 as vulnerable and states that unauthenticated remote attackers can bypass authentication to access partial data and receive garbage data in responses. The description implies a bypa...

6.5 CVSS | 7.4 AI score | 0.00389 EPSS
Exploits 0 | References 1 | Affected Software 1