1963 matches found
PT-2024-23086 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.187 Description: The issue concerns a weak security check in the uploadLogo function within the OrganisationsController.php file. This function does not properly validate logo uploads. Recommendations: For versions...
PT-2024-21379 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A problematic issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file "/vpnweb/resetpwd/resetpwd.php". Th...
PT-2024-8062 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
PT-2024-8063 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the handling of AcroForms, which can be exploited by remote attackers to...
PT-2024-8061 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the handling of AcroForms, which can be exploited by remote attackers to...
CLSA-2024-1709562273 Fix CVE(s): CVE-2023-51766
SECURITY UPDATE: SMTP smuggling because of . support - debian/patches/CVE-2023-51766.patch: reject "dot, LF" as ending data phase. Testcase for "smtp smuggling". - CVE-2023-51766...
Medium: ncurses
Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
CVE-2021-47036
In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there are UDP tunnels available in the system, udp_gro_receive could end-up doing L4 aggregation either SKB_GSO_UDP_L4 or...
PT-2024-22130 · Frrouting +4 · Frrouting +4
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 9.1 Description: The issue allows remote attackers to cause a denial of service, resulting in the ospfd daemon crash, via a malformed OSPF LSA packet. This occurs because of an attempted access to a missing...
Update now! ConnectWise ScreenConnect vulnerability needs your attention
ConnectWise is warning self-hosted and on-premises customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data centers and for remote assistance. Together ConnectWise’s partners manage...
PT-2024-20785 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.2 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 15 Description: The Calendar module in the affected software does not escape user-supplied data in the default notification emai...
PT-2024-17955
Name of the Vulnerable Software and Affected Versions: SKT Page Builder plugin for WordPress versions up to, and including, 4.1 Microsoft Outlook client affected versions not specified Description: The issue allows for unauthorized modification of data due to a missing capability check on the...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary: Multiple vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details: CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CV...
PT-2024-1646
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the February 2024 patch update are affected, including Windows 10 and Windows 11. Description: The vulnerability is related to Internet Shortcut Files and allows attackers to bypass Microsoft Defender...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
PT-2024-3288 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.39.6 and earlier, 1.40.x versions prior to 1.40.2, 1.41.x versions prior to 1.41.1 Description: An issue was discovered in WikibaseLexeme, related to inadequate access control. This issue allows an attacker to make an edi...
CLSA-2024-1706026767 Fix CVE(s): CVE-2023-39804
SECURITY UPDATE: denial of service attack - debian/patches/CVE-2023-39804.patch: Fix handling of extended header prefixes. - CVE-2023-39804.patch...
Oracle Solaris Critical Patch Update : jan2024_SRU11_4_63_157_1
The version of Solaris installed on the remote host is prior to 11.4.63.157.1. It is, therefore, affected by a vulnerability as referenced in the solaris11_jan2024_SRU11_4_63_157_1 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is...
Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024...
Oracle Patch Update, January 2024 Security Update Review
Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...