Important: Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security update

An update for kpatch-patch-4180-3051201 and kpatch-patch-4180-3051381 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score...

RestrictedPython information leakage via `AttributeError.obj` and the `string` module

Impact A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. Patches The problem will be fixed in version 7.3. Workarounds If the application does not require access to the module string, it can remove it from...

CGA-GW7P-4CFF-Q8RM

Bulletin has no description...

RHSA-2020:1852 Red Hat Security Advisory: patch security and bug fix update

Bulletin has no description...

Oracle DB SQL Injection Via SYS.LT.FINDRICSET Evil Cursor Method

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method', 'Description' = %q This module will escalate an Oracle DB user to DBA by...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...

kernel: netfilter: validate user input for expected length

CVE-2024-35896 is a vulnerability in the Linux kernel's Netfilter component, where the setsockopt function fails to properly validate the length of user-supplied data before copying it into kernel space. This oversight can lead to out-of-bounds memory access, potentially causing system crashes or...

PT-2024-30251 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A reflected cross-site scripting XSS issue in the dl liuyan save.php component allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. This enables the...

PT-2024-9653 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could be exploited by an attacker to execute arbitrary code in the context of the...

Important: kernel-livepatch-5.10.218-206.860

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-5.10.218-206.860 Issue Correction: Please ensure you have live patching enabled. Run yum update...

PT-2024-37723 · WordPress · Ebook Store

Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001 Description: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure due to the plugin utilizing fpdi-protection and not preventing direct access to tes...

PT-2024-38171 · 1E +1 · 1E Platform +1

Name of the Vulnerable Software and Affected Versions: 1E Platform affected versions not specified Duende Identity Server affected versions not specified Description: The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2024-20918, CVE-2024-20921 and CVE-2023-33850 were disclosed in the Oracle 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...

Photon OS 4.0: Linux PHSA-2024-4.0-0607

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0607. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Oracle Releases Critical Patch Update Advisory for July 2024

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Orac...

Oracle Critical Patch Update, July 2024 Security Update Review

Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-part...

PT-2024-5083

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1 Oracle GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1 Oracle GraalVM Enterprise Edition versions 20.3.14, 21.3.10 Description: The vulnerability in the Oracle Java...

Oracle Critical Patch Update Advisory - July 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

kernel: net/mlx5: Properly link new fs rules into the tree

CVE-2024-35960 is a vulnerability in the Linux kernel's Mellanox MLX5 driver that affects flow steering rule handling. When identical rules are created and referenced multiple times, they can fail to properly link into the rule tree, leaving them uninitialized. This can cause system crashes durin...

PT-2024-26002 · Librtp.So · Librtp.So

Name of the Vulnerable Software and Affected Versions: librtp.so versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper input validation in parsing RTCP SR packets, which allows remote attackers to trigger a temporary denial of service. User interaction is required...