Lucene search

1963 matches found

OSV
added 2023/08/28 7:47 p.m. · 11 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Given that this would output GitHub tokens to a log...

CVSS 4 · AI score 6.7 · EPSS 0.00324
Exploits 0 · References 4

Positive Technologies
added 2023/08/19 12:0 a.m. · 4 views

PT-2023-8186 · Mikrotik · Routeros +1

Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions 7.1 through 7.11 Description: The issue is related to incorrect access control mechanisms in place for the Rest API, which can allow a remote attacker to disclose protected information. Recommendations: For versions...

CVSS 5.3 · AI score 7 · EPSS 0.00473
Exploits 1 · References 5

Positive Technologies
added 2023/08/16 12:0 a.m. · 3 views

PT-2023-4621 · Unknown · Tn-5900 Series

Name of the Vulnerable Software and Affected Versions: TN-5900 Series firmware versions v3.3 and prior Description: The issue stems from insufficient input validation and improper authentication in the key-generation function. This could potentially allow malicious users to execute remote code on...

CVSS 10 · AI score 8.6 · EPSS 0.00638
Exploits 0 · References 7

Positive Technologies
added 2023/08/10 12:0 a.m. · 2 views

PT-2023-8075 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

CVSS 7.8 · AI score 8.1 · EPSS 0.00415
Exploits 0 · References 9

Positive Technologies
added 2023/08/07 12:0 a.m. · 5 views

PT-2023-8021 · Abb · Abb Freelance Controllers Ac 700F +1

Name of the Vulnerable Software and Affected Versions: ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 201...

CVSS 9 · AI score 7.5 · EPSS 0.00406
Exploits 0 · References 6

Ivanti
added 2023/08/02 3:56 p.m. · 26 views

CVE-2023-35082 – Remote Unauthenticated API Access Vulnerability

DESCRIPTION: Update: Since originally reporting CVE-2023-35082 on 2 August 2023 at 10:00 MDT, Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below. The risk ...

CVSS 10 · AI score 7.1 · EPSS 0.99999
Exploits 2

OSV
added 2023/07/25 3:15 p.m. · 22 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

CVSS 9.8 · AI score 10
Exploits 0 · References 4

Tenable Nessus
added 2023/07/20 12:0 a.m. · 64 views

Oracle Solaris Critical Patch Update : jul2023_SRU11_4_59_144_2

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Tomcat. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability...

CVSS 9.8 · AI score 7 · EPSS 0.52164
Exploits 15 · References 49

Tenable Nessus
added 2023/07/20 12:0 a.m. · 290 views

Oracle WebLogic Server (July 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the July 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

CVSS 9.8 · AI score 6.3 · EPSS 0.02513
Exploits 4 · References 12

Tenable Nessus
added 2023/07/20 12:0 a.m. · 22 views

Oracle Solaris Critical Patch Update : jul2023_SRU11_3_36_32_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...

CVSS 7.8 · AI score 7.5 · EPSS 0.00279
Exploits 0 · References 5

Tenable Nessus
added 2023/07/20 12:0 a.m. · 26 views

Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...

CVSS 9.1 · AI score 5.8 · EPSS 0.5346
Exploits 16 · References 37

Tenable Nessus
added 2023/07/20 12:0 a.m. · 21 views

Oracle Solaris Critical Patch Update : jul2023_SRU11_4_58_144_3

This Solaris system is missing necessary patches to address critical security updates. The descriptive text and package checks in this plugin were extracted from the Oracle CPU for jul2023...

CVSS 9.8 · AI score 7.7 · EPSS 0.0462
Exploits 6 · References 30

Qualys Blog
added 2023/07/19 3:56 p.m. · 98 views

Oracle Patch Tuesday, July 2023 Security Update Review

Oracle has released its third quarterly edition of Critical Patch Update, which contains a group of patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and third-party...

CVSS 7.5 · AI score 9.6 · EPSS 0.99615
Exploits 32

Oracle
added 2023/07/18 12:0 a.m. · 394 views

Oracle Critical Patch Update Advisory - July 2023

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 · AI score 9 · EPSS 0.99999
Exploits 510 · Affected Software 133

Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-4000 · Juniper Networks · Srx Series +2

Name of the Vulnerable Software and Affected Versions: Juniper Networks SRX Series and MX Series versions prior to SigPack 3598 Description: The issue is related to an improper validation of syntactic correctness of input in the Intrusion Detection and Prevention (IDP) system of Junos OS, allowing ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00524
Exploits 0 · References 5

OSV
added 2023/07/10 5:27 p.m. · 3 views

CLSA-2023-1689010064 Fix CVE(s): CVE-2022-29885

SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-2988...

CVSS 7.5 · AI score 7.2 · EPSS 0.71653
Exploits 5 · References 1

The Hacker News
added 2023/07/07 7:24 a.m. · 8 views

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak...

CVSS 9.8 · AI score 8.6 · EPSS 0.05786
Exploits 1

Positive Technologies
added 2023/07/01 12:0 a.m. · 4 views

PT-2023-12514 · WordPress · Hm Multiple Roles

Name of the Vulnerable Software and Affected Versions: Multiple Roles plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is due to missing or incorrect nonce validation on the mu add roles in signup meta and mu add roles in signup meta recently functions. This allows...

CVSS 4.3 · AI score 4.5 · EPSS 0.00342
Exploits 0 · References 13

Tenable Nessus
added 2023/06/30 12:0 a.m. · 6 views

Fedora 38 : suricata (2023-7e952959f8)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e952959f8 advisory. This is a security release, additionally fixing a number of important bugs. Tenable has extracted the preceding description block directly from the Fedora...

AI score 5.6
Exploits 0 · References 1

Positive Technologies
added 2023/06/30 12:0 a.m. · 4 views

PT-2023-25895 · Mediawiki +1 · Doublewiki Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki DoubleWiki extension versions through 1.39.3 Description: An issue was discovered in the DoubleWiki extension for MediaWiki that allows XSS via the column alignment feature in includes/DoubleWiki.php. Recommendations: For MediaWiki...

CVSS 9.8 · AI score 5.7 · EPSS 0.22699
Exploits 27 · References 106