PT-2024-16745 · Tumult · Tumult Hype Animations
Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations plugin for WordPress versions up to, and including, 1.9.15 Description: The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations...
PT-2024-17154 · Unknown · 1000 Projects Beauty Parlour Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /admin/edit-services.php...
PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...
PT-2024-16666 · WordPress · Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...
PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller +1
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller ADC and Citrix NetScaler Gateway affected versions not specified Description: The issue is related to a memory safety vulnerability that can lead to memory corruption and Denial of Service in...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2821)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an...
CLSA-2024-1730919779 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...
CLSA-2024-1730920734 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...
PT-2024-16583 · Unknown · Romadebrian Web-Sekolah
Name of the Vulnerable Software and Affected Versions: romadebrian WEB-Sekolah version 1.0 Description: A critical vulnerability was found in the Mail Handler component of romadebrian WEB-Sekolah. The manipulation of the Name argument in the /Proses Kirim.php file leads to SQL injection. The atta...
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2016:1601)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1601 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
PT-2024-16392 · Safenet · Esafenet Cdg 5
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical vulnerability was found in ESAFENET CDG 5, affecting the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. This vulnerability leads to SQL injection and...
CVE-2024-0128
creationtimestamp | type | source
---|---|---
2024-10-26 08:53:12+00:00 | seen | None
2024-10-26 08:53:14+00:00 | confirmed | None
2024-10-26 08:53:59+00:00 | patched | None
2024-10-26 08:59:46+00:00 | seen | https://vulnerability.circl.lu/bundle/174bfb43-ffb3-48e4-bbf8-ad2028e270f2
2024-10-26... | | 
PT-2024-39349 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 6.2 GA through fix pack 173 Liferay Portal versions 7.0 GA through fix pack 102 Liferay Portal versions 7.0.0 through 7.4.3.101 Liferay DXP versions 7.1 GA through fix pack 28 Liferay DXP versions 7.2 GA through fix pa...
PT-2024-39683 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 versions prior to 12.1.3 ScienceLogic SL1 versions prior to 12.2.3 ScienceLogic SL1 versions prior to 12.3+ ScienceLogic SL1 versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x Description: The issue involves an unspecified...
Oracle Essbase Multiple Vulnerabilities (October 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform curl. The supported version that is affected is 21.6. Easily...
Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following...
Oracle Critical Patch Update, October 2024 Security Update Review
Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001358 fixes several issues. The following security issues were fixed: CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...
PT-2024-6594 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6 Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...