Lucene search

408 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 27 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-47874]

Summary: Starlette is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to...

CVSS 8.7 · AI score 6.8 · EPSS 0.00652
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 18 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-53981]

Summary: python-multipart is used by IBM App Connect Enterprise Certified Container for parsing messages sent to the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulleti...

CVSS 7.5 · AI score 6.3 · EPSS 0.00632
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-3424 · Bioware · Dragon Age Origins

Name of the Vulnerable Software and Affected Versions: Dragon Age Origins version 1.05 Description: The DAUpdaterSVC service in Dragon Age Origins contains an unquoted service path issue, allowing users to modify the executable file path used by the service. This service runs with NT...

CVSS 7.3 · AI score 7.2 · EPSS 0.00158
Exploits: 0 · References: 4
Positive Technologies
added 2025/01/24 12:0 a.m. · 4 views

PT-2025-2883 · Sungrow · Sungrow Winet-Sv200

Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier Description: The issue concerns a hardcoded password in the affected versions. This password can be used to decrypt all firmware updates. Recommendations: For SunGrow WiNet-SV200 versions...

CVSS 6.5 · AI score 6.8 · EPSS 0.00238
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-3550 · Lunasvg · Lunasvg

Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is related to an allocation-size-too-big bug in the plutovg surface create component. This bug can be exploited. Recommendations: For lunasvg version 3.0.0, consider disabling the plutovg surface...

CVSS 7.5 · AI score 6.9 · EPSS 0.0044
Exploits: 1 · References: 8
Positive Technologies
added 2025/01/15 12:0 a.m. · 3 views

PT-2025-1189

Name of the Vulnerable Software and Affected Versions: MGate 5121/5122/5123 Series firmware version v1.0 Description: A stored Cross-site Scripting (XSS) vulnerability exists due to insufficient sanitization and encoding of user input in the Login Message functionality. An authenticated attacker with...

CVSS 5.2 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 7
OpenVAS
added 2025/01/15 12:0 a.m. · 10 views

openSUSE: Security Advisory for the Linux Kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2025:0109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8.5 · EPSS 0.00767
Exploits: 2 · References: 2
Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-4219 · Microsoft · Windows Telephony Service +1

Name of the Vulnerable Software and Affected Versions: Windows Telephony Service affected versions not specified Description: The issue allows remote attackers to execute arbitrary code, affecting the system. This can lead to unauthorized access and control. No information is provided about the...

CVSS 8.8 · AI score 9.7 · EPSS 0.01067
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-1225 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an uncontrolled resource consumption vulnerability in the upnphost.dll library of the Windows operating system. This can be exploited by a remote attacker to cause a...

CVSS 7.8 · AI score 9.1 · EPSS 0.0187
Exploits: 0 · References: 7
Positive Technologies
added 2025/01/14 12:0 a.m. · 3 views

PT-2025-1291 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 25.12, 26.1 and earlier Description: The issue is related to an integer underflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...

CVSS 7.8 · AI score 7.5 · EPSS 0.00274
Exploits: 0 · References: 9
NVD
added 2025/01/06 4:15 a.m. · 20 views

CVE-2024-20149

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165...

CVSS 7.5 · EPSS 0.0071
Exploits: 0 · References: 1
OSV
added 2025/01/06 4:15 a.m. · 8 views

CVE-2024-20145

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...

CVSS 6.6 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 1
Cvelist
added 2025/01/06 3:17 a.m. · 21 views

CVE-2024-20149

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165...

EPSS 0.0071
Exploits: 0 · References: 1
Saint
added 2025/01/03 12:0 a.m. · 118 views

Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background: Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem: A default password and command injection vulnerability in the adjust_sys_time function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

CVSS 7.2 · AI score 8.2 · EPSS 0.82192
Exploits: 4
Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-9716 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which can be exploited by a remote attacker to execute arbitrary code...

CVSS 5.5 · AI score 5.8 · EPSS 0.00477
Exploits: 0 · References: 6
Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-9356 · Microsoft · Windows Remote Desktop Services +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services affected versions not specified Description: The issue is related to the use of memory after it has been freed in Microsoft Windows Remote Desktop Services. This can allow a remote attacker to execute arbitrary...

CVSS 8.1 · AI score 8.4 · EPSS 0.01169
Exploits: 0 · References: 10
IBM Security Bulletins
added 2024/12/09 7:15 p.m. · 17 views

Security Bulletin: IBM Business Automation Navigator is affected by a vulnerability in path-to-regexp (CVE-2024-45296)

Summary: IBM Business Automation Navigator has addressed the following vulnerability. This does not impact IBM Content Navigator on-prem. Vulnerability Details: CVEID: CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...

CVSS 7.5 · AI score 7.3 · EPSS 0.00932
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/12/03 12:0 a.m. · 3 views

PT-2024-9578 · Ruijie · Ruijie Reyee Os

Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x through 2.319.x Description: The issue is related to a weak credential mechanism used in the Ruijie Reyee OS, which could allow an attacker to easily calculate MQTT credentials. This could potentially permit a...

CVSS 8.7 · AI score 7 · EPSS 0.00465
Exploits: 0 · References: 8
Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-9641 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...

CVSS 5.5 · AI score 5.8 · EPSS 0.00477
Exploits: 0 · References: 7
Positive Technologies
added 2024/11/12 12:0 a.m. · 4 views

PT-2024-8837 · Intel · Intel Server Board S2600St Family Bios/Firmware Update

Name of the Vulnerable Software and Affected Versions: Intel Server Board S2600ST Family BIOS and Firmware Update software all versions Description: The issue is related to an uncontrolled search path element in the Intel Server Board S2600ST Family BIOS and Firmware Update software. This could...

CVSS 6.7 · AI score 7.1 · EPSS 0.00179
Exploits: 0 · References: 4