1963 matches found

OSV
added 2024/06/12 2:32 p.m. · 3 views

CLSA-2024-1718202753 Fix CVE(s): CVE-2023-4016

SECURITY UPDATE: Ability to write almost unlimited amounts of unfiltered data into the process heap - debian/patches/CVE-2023-4016-2.patch: ps: extended fix of the CVE-2023-4016 - fix possible buffer overflow in -C option. - CVE-2023-4016...

CVSS 3.3 · AI score 6.6 · EPSS 0.00239
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/11 12:0 a.m. · 2 views

PT-2024-4224 · Adobe · Audition

Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 24.2, 23.6.4 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations...

CVSS 5.5 · AI score 6.5 · EPSS 0.00486
Exploits: 0 · References: 5

Android Security Bulletins
added 2024/06/11 12:0 a.m. · 11 views

Pixel Update Bulletin—June 2024

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-06-05 or later address all issues in this bulletin and all issues in the June 2024 Android Securit...

CVSS 9.8 · AI score 7.8 · EPSS 0.0301
Exploits: 0

OSV
added 2024/06/06 12:28 p.m. · 9 views

CGA-P4VX-7FG6-H88C

Bulletin has no description...

CVSS 7.5 · AI score 7.2 · EPSS 0.01262
Exploits: 0

ICS
added 2024/05/28 6:0 a.m. · 65 views

Campbell Scientific CSI Web Server

1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

CVSS 6.9 · AI score 7.4 · EPSS 0.00487
Exploits: 0 · References: 10

Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-23983 · WordPress · The Master Addons

Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including, 2.0.6.0 Description: The issue is related to Stored Cross-Site Scripting via the title html tag...

CVSS 6.4 · AI score 6 · EPSS 0.00257
Exploits: 0 · References: 7

AlpineLinux
added 2024/05/13 1:49 p.m. · 8 views

CVE-2024-27082

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular...

CVSS 7.6 · AI score 6 · EPSS 0.00913
Exploits: 1 · References: 1

Positive Technologies
added 2024/05/06 12:0 a.m. · 7 views

PT-2024-20388 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7203 and prior Description: The issue is related to a Privilege Escalation vulnerability in the Modify Computers option. This vulnerability allows for improper privilege management, which can lead...

CVSS 8.8 · AI score 7 · EPSS 0.03941
Exploits: 1 · References: 13

Tenable Nessus
added 2024/05/05 12:0 a.m. · 14 views

Fedora 40 : clamav (2024-34474f346b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-34474f346b advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...

AI score 5.8
Exploits: 0 · References: 1

IBM Security Bulletins
added 2024/05/02 2:16 p.m. · 31 views

Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand

Summary There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified...

CVSS 7.5 · AI score 6.6 · EPSS 0.00911
Exploits: 0 · Affected Software: 1

CISA
added 2024/04/18 12:0 p.m. · 5 views

Oracle Releases Critical Patch Update Advisory for April 2024

Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following...

AI score 7.3
Exploits: 0 · References: 1

Tenable Nessus
added 2024/04/18 12:0 a.m. · 34 views

Oracle Solaris Critical Patch Update : apr2024_SRU11_4_54_138_1

The version of Solaris installed on the remote host is prior to 11.4.54.138.1. It is, therefore, affected by a vulnerability as referenced in the solaris11apr2024SRU114541381 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. The supported version that i...

CVSS 7.8 · AI score 7.4 · EPSS 0.00169
Exploits: 0 · References: 3

Oracle
added 2024/04/16 12:0 a.m. · 351 views

Oracle Critical Patch Update Advisory - April 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 · AI score 9 · EPSS 0.99999
Exploits: 238 · Affected Software: 124

OSV
added 2024/04/12 5:28 p.m. · 18 views

GHSA-QJX3-2G35-6HV8 Mautic Sensitive Data Exposure due to inadequate user permission settings

Impact Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. Patches Update to 4.4.12 and 5.0.4...

CVSS 8.3 · AI score 7 · EPSS 0.00405
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-21416 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 7.2.5 Description: The issue allows authenticated attackers with administrator access and above to read the contents of arbitrary zip files on the server, which can contain...

CVSS 6.8 · AI score 9.4 · EPSS 0.00911
Exploits: 0 · References: 6

SUSE CVE
added 2024/04/05 2:21 a.m. · 1 views

SUSE CVE-2024-26667

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 "drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output" introduced a smatch warning about another conditional block in...

CVSS 5.5 · AI score 6.2 · EPSS 0.00225
Exploits: 0 · References: 10

Positive Technologies
added 2024/04/04 12:0 a.m. · 4 views

PT-2024-21097

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.8.1 through 11.2 ArcGIS Enterprise versions 11.1 and below Description: The issue is related to improper authentication in the Home application, which could potentially allow a remote, unauthenticated attacker...

CVSS 8.5 · AI score 5.5 · EPSS 0.00699
Exploits: 0 · References: 7

OSV
added 2024/03/27 6:38 p.m. · 2 views

CLSA-2024-1711564698 Update of alt-php

New upstream 2024a version: - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - zic no longer pretends to support indefinite-past DST. - localtime no longer mishandles Ciudad Juárez in 2422. New upstream 2023d version: - Ittoqqortoormiit,...

AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/03/27 6:30 p.m. · 3 views

CLSA-2024-1711564218 Update of alt-php

New upstream 2024a version: - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - zic no longer pretends to support indefinite-past DST. - localtime no longer mishandles Ciudad Juárez in 2422. New upstream 2023d version: - Ittoqqortoormiit,...

AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-23236 · Elementor · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons versions through 5.5.3 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject...

CVSS 6.5 · AI score 8.8 · EPSS 0.00336
Exploits: 0 · References: 5