1962 matches found
PT-2024-16666 · WordPress · Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...
PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller +1
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway, affected versions not specified Description: The issue is related to a memory safety vulnerability that can lead to memory corruption and Denial of Service in...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2821)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an...
CLSA-2024-1730919779 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...
CLSA-2024-1730920734 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...
PT-2024-16583 · Unknown · Romadebrian Web-Sekolah
Name of the Vulnerable Software and Affected Versions: romadebrian WEB-Sekolah version 1.0 Description: A critical vulnerability was found in the Mail Handler component of romadebrian WEB-Sekolah. The manipulation of the Name argument in the /Proses_Kirim.php file leads to SQL injection. The atta...
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2016:1601)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1601 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
PT-2024-16392 · Safenet · Esafenet Cdg 5
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical vulnerability was found in ESAFENET CDG 5, affecting the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. This vulnerability leads to SQL injection and...
CVE-2024-0128
creation_timestamp | type | source
---|---|---
2024-10-26 08:53:12+00:00 | seen | None
2024-10-26 08:53:14+00:00 | confirmed | None
2024-10-26 08:53:59+00:00 | patched | None
2024-10-26 08:59:46+00:00 | seen | https://vulnerability.circl.lu/bundle/174bfb43-ffb3-48e4-bbf8-ad2028e270f2
2024-10-26...
PT-2024-39349 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 6.2 GA through fix pack 173 Liferay Portal versions 7.0 GA through fix pack 102 Liferay Portal versions 7.0.0 through 7.4.3.101 Liferay DXP versions 7.1 GA through fix pack 28 Liferay DXP versions 7.2 GA through fix pa...
PT-2024-39683 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 versions prior to 12.1.3 ScienceLogic SL1 versions prior to 12.2.3 ScienceLogic SL1 versions prior to 12.3+ ScienceLogic SL1 versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x Description: The issue involves an unspecified...
Oracle Essbase Multiple Vulnerabilities (October 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2024 Critical Patch Update (CPU). It is, therefore, affected by: - Vulnerability in Oracle Essbase (component: Essbase Web Platform (curl)). The supported version that is affected is 21.6. Easily...
Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following...
Oracle Critical Patch Update, October 2024 Security Update Review
Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001358 fixes several issues. The following security issues were fixed: CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). CVE-2024-40954: net: do not leave a dangling sk pointer when socket creation fails (bsc#1227808)...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...
PT-2024-6594 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6 Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...
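The DrayTek entry above describes a stack-based overflow in a query-string parser that mishandles extraneous ampersands and long key-value pairs. The C below is an added illustration of that bug class, not DrayTek's GetCGI code (which is not on this page); the struct, buffer sizes and function names are assumptions. It places the unsafe fixed-buffer pattern next to a bounded parser that treats the empty segment produced by a repeated or trailing `&` as "no pair" and rejects any key, value or pair count that would not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Sizes and types are assumptions for this illustration, not DrayTek's. */
#define KEY_MAX   32
#define VAL_MAX   64
#define MAX_PAIRS 8

typedef struct {
    char key[KEY_MAX];
    char val[VAL_MAX];
} kv_t;

/* Unsafe pattern: fixed stack buffers, no bound on pair length or pair count,
 * and length arithmetic that goes negative on an empty "&&" segment.
 * Kept only for contrast; never call it with untrusted input. */
static int parse_query_unsafe(const char *qs, kv_t *out)
{
    char key[KEY_MAX], val[VAL_MAX];       /* stack buffers the input can overrun */
    int n = 0;
    const char *p = qs;
    while (*p) {
        const char *eq  = strchr(p, '=');  /* NULL if no '=' at all: pointer arithmetic below is UB */
        const char *amp = strchr(p, '&');
        if (!amp) amp = p + strlen(p);
        /* On "a=1&&b=2" the empty segment gives amp < eq, so amp - eq - 1 wraps to a huge
         * size_t and memcpy runs off the stack; a long key/value overruns key[]/val[];
         * out[n] is never checked against the array size. */
        memcpy(key, p, (size_t)(eq - p));            key[eq - p] = '\0';
        memcpy(val, eq + 1, (size_t)(amp - eq - 1)); val[amp - eq - 1] = '\0';
        strcpy(out[n].key, key);
        strcpy(out[n].val, val);
        n++;
        p = *amp ? amp + 1 : amp;
    }
    return n;
}

/* Hardened parser: returns the number of pairs, or -1 if a key is empty, a key or
 * value would not fit its buffer (including the NUL), or out[] would overflow. */
static int parse_query(const char *qs, kv_t *out, size_t max_pairs)
{
    size_t n = 0;
    const char *p = qs;
    while (*p) {
        if (*p == '&') { p++; continue; }          /* extraneous '&': empty segment, not a pair */
        const char *seg_end = strchr(p, '&');
        size_t seg_len = seg_end ? (size_t)(seg_end - p) : strlen(p);
        const char *eq = memchr(p, '=', seg_len);  /* '=' searched only inside this segment */
        size_t klen = eq ? (size_t)(eq - p) : seg_len;
        size_t vlen = eq ? seg_len - klen - 1 : 0;
        if (klen == 0) return -1;                  /* "=value" has no key */
        if (klen >= KEY_MAX || vlen >= VAL_MAX) return -1;
        if (n >= max_pairs) return -1;
        memcpy(out[n].key, p, klen); out[n].key[klen] = '\0';
        if (eq) memcpy(out[n].val, eq + 1, vlen);
        out[n].val[vlen] = '\0';
        n++;
        p += seg_len;
    }
    return (int)n;
}

/* Constructed inputs exercising the edge cases named in the advisory summary. */
int demo_basic(void)
{
    kv_t kv[MAX_PAIRS];
    int n = parse_query("user=alice&flag", kv, MAX_PAIRS);
    if (n != 2) return n;
    if (strcmp(kv[0].key, "user") || strcmp(kv[0].val, "alice")) return -100;
    if (strcmp(kv[1].key, "flag") || kv[1].val[0] != '\0') return -100;
    return n;                                       /* 2 */
}
int demo_extraneous_ampersands(void)
{
    kv_t kv[MAX_PAIRS];
    return parse_query("&a=1&&b=2&&&c=3&", kv, MAX_PAIRS);   /* 3: empty segments are skipped */
}
int demo_oversized_value(void)
{
    char qs[200];                                   /* "k=" followed by 197 'A's */
    memset(qs, 'A', sizeof qs - 1); qs[sizeof qs - 1] = '\0';
    memcpy(qs, "k=", 2);
    kv_t kv[MAX_PAIRS];
    return parse_query(qs, kv, MAX_PAIRS);          /* -1: value does not fit VAL_MAX */
}
int demo_too_many_pairs(void)
{
    kv_t kv[2];
    return parse_query("a=1&b=2&c=3", kv, 2);       /* -1: third pair would overflow out[] */
}

int main(void)
{
    kv_t kv[MAX_PAIRS];
    printf("unsafe parser on benign input: %d pairs\n", parse_query_unsafe("a=1&b=2", kv));
    printf("hardened: basic=%d extraneous=%d oversized=%d too_many=%d\n",
           demo_basic(), demo_extraneous_ampersands(), demo_oversized_value(), demo_too_many_pairs());
    return 0;
}
```

The hardened version never copies more than the destination can hold and never derives a length from two pointers that may be in the wrong order; both properties are what a fixed-buffer CGI parser on an embedded device has to guarantee before it touches attacker-controlled query strings.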
Important: Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security update
An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score...
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Impact A user can gain access to protected and potentially sensitive information indirectly via `AttributeError.obj` and the `string` module. Patches The problem will be fixed in version 7.3. Workarounds If the application does not require access to the `string` module, it can remove it from...
CGA-GW7P-4CFF-Q8RM
Bulletin has no description...