Fedora 38 : suricata (2023-7e952959f8)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e952959f8 advisory. This is a security release, additionally fixing a number of important bugs. Tenable has extracted the preceding description block directly from the Fedora...
PT-2023-25895 · Mediawiki +1 · Doublewiki Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki DoubleWiki extension versions through 1.39.3 Description: An issue was discovered in the DoubleWiki extension for MediaWiki that allows XSS via the column alignment feature in includes/DoubleWiki.php. Recommendations: For MediaWiki...
Security Bulletin: A security vulnerability has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition (CVE-2018-2755).
Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-2755...
PT-2023-8202 · Opnsense · Opnsense
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update, plus CVE-2023-2597. For more information please refer to Oracle's April 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
PT-2023-3326 · Libjxl +5 · Libjxl +5
Name of the Vulnerable Software and Affected Versions: libjxl versions prior to 0.8.2 Description: An issue in dec_patch_dictionary.cc can lead to a denial of service due to an integer underflow in patch decoding, potentially causing an infinite loop. The issue can be exploited by a remote attack...
Important: jettison
Issue Overview: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with an out-of-memory error. This effect may support a denial of servic...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.61 packages and security update
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
PT-2023-5269 · Php +10 · Php +10
Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. through 8.0.28 PHP versions 8.1. through 8.1.19 PHP versions 8.2. through 8.2.6 Description: The issue is related to the use of a random value generator with a narrower range of values than it should have when using SOAP HTT...
Important: kernel-livepatch-5.10.178-162.673
Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...
WordPress Mercado Pago payments for WooCommerce Plugin < 6.4.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mercadopago:mercadopagopaymentsforwoocommerce"; if descripti...
CVE-2023-20718
CVE-2023-20718 affects the vcu module in MediaTek chip families. The root cause is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and no user interaction needed. The entry lists patch ALPS07645181/ALPS07645...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™
Summary Multiple vulnerabilities were disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of...
GHSA-476G-V7HF-CW5M Cross-site Scripting (XSS) in Document Properties Parameter
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
PT-2023-2452
Name of the Vulnerable Software and Affected Versions VMware Workstation versions 17.x VMware Fusion versions 13.x Description The issue is related to a stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability m...
git -- Multiple vulnerabilities
git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. For more information please refer to Oracle's October 2022 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2022-21628...
Oracle Essbase (April 2023 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including the following that are remotely exploitable: - Vulnerability in Security and Provisioning component o...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the second quarterly edition of its Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...
PT-2023-2386 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: The issue exists due to improper input validation when uploading a Device Pack, allowing an authenticated, remote attacker to execute arbitrary commands with...