PT-2024-1074
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence versions 8.0.x through 8.5.3. Description: A template injection vulnerability in older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to sensitive data; Increased user rights...
PT-2023-26359 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12. Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds_auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...
PT-2023-8145
Name of the Vulnerable Software and Affected Versions: Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001. Description: The issue is a case of arbitrary code execution that resides within a third-party, open-source library named Spreadsheet::ParseExcel, used by the Amavis...
Important: kernel-livepatch-6.1.59-84.139
Issue Overview: x86: KVM: SVM: always update the x2avic msr interception (CVE-2023-5090). A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group is called while an event's...
PT-2023-9066 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0. Description: The issue is caused by insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3,...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP endpoint (listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
Security Bulletin: Java SE issues disclosed in the Oracle October 2023 Critical Patch Update plus CVE-2023-5676
Summary: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update, plus CVE-2023-5676. For more information, please refer to Oracle's October 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
PT-2023-15224 · WordPress · Email Templates Customizer/Designer
Name of the Vulnerable Software and Affected Versions: Email Templates Customizer and Designer for WordPress and WooCommerce versions 1.4.2 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the Email Templates Customizer and Designer for WordPress and WooCommerce, allowing...
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform (affected versions not specified); ezsystems/ezpublish-kernel (affected versions not specified). Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
Important: kernel-livepatch-6.1.29-50.88
Issue Overview: A flaw was found in the Linux kernel's networking subsystem in the handling of the RPL protocol. The issue results from improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...
Oracle Solaris Critical Patch Update : oct2023_SRU11_4_61_151_2
The remote host is affected by a Denial of Service vulnerability which could be exploited by a low privileged attacker with logon to the infrastructure where Oracle Solaris executes. ...
Oracle Releases October 2023 Critical Patch Update Advisory
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle...
Oracle WebLogic Server (October 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the October 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches, plus additional third-party patches noted below, for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Critical Patch Update Advisory - October 2023
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)
Summary: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack and has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
CLSA-2023-1696351966 Fix CVE(s): CVE-2022-48541
SECURITY UPDATE: a memory leak that allows remote attackers to perform a denial of service via the "identify -help" command. - debian/patches/CVE-2022-48541.patch: added missing calls to destroy methods. - CVE-2022-48541...
PT-2023-5267
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One on-prem and SaaS (affected versions not specified); Worry-Free Business Security (affected versions not specified); Worry-Free Business Security Services (affected versions not specified). Description: A...
PT-2023-28078 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) versions prior to 1.3.1-9346-6. Description: The issue is an improper neutralization of special elements used in an OS command, allowing remote authenticated users to execute arbitrary commands via unspecifi...