
233 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. · 59 views

RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the...

CVSS 7.6 · AI score 6.9 · EPSS 0.93602
Exploits: 23 · References: 274
Cvelist
added 2024/05/22 4:46 p.m. · 17 views

CVE-2024-36077

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 14.173.3...

CVSS 8.8 · AI score 9 · EPSS 0.0055
Exploits: 0 · References: 1
OSV
added 2024/05/06 7:15 a.m. · 0 views

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...

CVSS 6.1 · AI score 5.9 · EPSS 0.00447
Exploits: 0 · References: 3
Prion
added 2024/02/12 9:15 a.m. · 15 views

Code injection

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved...

CVSS 6.8 · AI score 7.2 · EPSS 0.00456
Exploits: 0 · References: 2
OSV
added 2024/01/12 5:43 p.m. · 3 views

CLSA-2024-1705081413 Fix CVE(s): CVE-2023-46589

SECURITY UPDATE: Request smuggling - debian/patches/CVE-2023-46589-pre1.patch: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed - debian/patches/CVE-2023-46589-pre2.patch:...

CVSS 7.5 · AI score 6.9 · EPSS 0.53163
Exploits: 0 · References: 1
The Hacker News
added 2023/11/15 5:46 a.m. · 199 views

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity...

CVSS 9.8 · AI score 9.5 · EPSS 0.90206
Exploits: 8
OSV
added 2023/09/12 7:15 p.m. · 1 views

CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...

CVSS 9.8 · AI score 7.2
Exploits: 0 · References: 1
Vulnrichment
added 2023/09/12 6:5 p.m. · 12 views

CVE-2023-4501 Authentication bypass in OpenText (Micro Focus) Enterprise Server

User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...

CVSS 9.8 · AI score 7.2 · EPSS 0.00216
Exploits: 0 · References: 1
OSV
added 2023/08/03 5:24 p.m. · 4 views

CLSA-2023-1691083477 Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484

SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases...

CVSS 7 · AI score 6.9 · EPSS 0.93464
Exploits: 15 · References: 1
Positive Technologies
added 2023/03/14 12:0 a.m. · 5 views

PT-2023-1662

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions prior to February 2023 Patch Tuesday Description This concerns a critical elevation of privilege issue in Microsoft Outlook. Exploitation of this flaw, tracked as CVE-2023-23397, allows attackers to gain unauthorized...

CVSS 9.8 · AI score 9.3 · EPSS 0.93421
Exploits: 18 · References: 264
OSV
added 2022/11/23 10:3 p.m. · 2 views

CLSA-2022-1669241032 Fix CVE(s): CVE-2022-45061

SECURITY UPDATE: Uncontrolled resource consumption - debian/patches/CVE-2022-45061-v2.7.patch: Fix quadratic time idna decoding - CVE-2022-45061 Make tests to be compatible with expat 2.1.0 from tuxcare.els: - debian/patches/expat-regression-v2.7.patch: Make test suite support Expat =2.4.5...

CVSS 7.5 · AI score 6.9 · EPSS 0.0013
Exploits: 1 · References: 1
Positive Technologies
added 2022/09/30 12:0 a.m. · 2 views

PT-2022-25516 · Actian · Actian Zen Psql

Name of the Vulnerable Software and Affected Versions: Actian Zen PSQL versions prior to v15.11.005 Actian Zen PSQL versions prior to v15.01.017 Actian Zen PSQL versions prior to v14.21.022 Description: The issue arises when folder security is misconfigured, allowing an attacker with file...

CVSS 8.8 · AI score 8.4 · EPSS 0.00351
Exploits: 0 · References: 5
IBM Security Bulletins
added 2022/09/26 10:21 p.m. · 5 views

Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014

Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

AI score 2.5
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2022/09/26 5:45 a.m. · 15 views

Security Bulletin: Potential security vulnerabilities in IBM SDK for Java for WebSphere Application Server

Abstract The IBM WebSphere Application Server is shipped with an IBM Developer kit for Java that is based on the Oracle SDK. Oracle has released October 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM SDK for Java that WebSphere Application Server ships is...

AI score 6.5
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2022/09/25 11:13 p.m. · 29 views

Security Bulletin: IBM OmniFind Enterprise Edition and IBM Content Analytics – Oracle Critical Patch Updates February 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM OmniFind Enterprise Edition and IBM Content Analytics and products. Content The products listed below may be affected by security vulnerabilities reported by Oracle’s February 2013 Critical Patch...

CVSS 5 · AI score 6.4 · EPSS 0.00943
Exploits: 1 · Affected Software: 2
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 33 views

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager Content The products listed below might be affected by security vulnerabilities reported by Oracle’s April 2013 Critical Patch Updates: · IBM FileNet Business Proces...

CVSS 5 · AI score 0.4 · EPSS 0.00943
Exploits: 1 · Affected Software: 1
Vulnrichment
added 2022/09/16 9:40 p.m. · 4 views

CVE-2022-35987 `CHECK` fail in `DenseBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. We have...

CVSS 5.9 · AI score 7.5 · EPSS 0.00064
Exploits: 0 · References: 2
OSV
added 2022/06/20 8:43 p.m. · 1 views

CLSA-2022-1655757814 Fix CVE(s): CVE-2020-1938, CVE-2020-9484, CVE-2021-25329

Fix build process: - debian/keystores/.pem|.jks: update expiring certs and keystores - debian/patches/0028-update-expiring-test-certs.patch: update expiring test certs - debian/patches/0029-fix-path-to-valid-keystore.patch: fix path to valid keystore - debian/patches/0030-use-tls12-in-tests.patch...

CVSS 9.8 · AI score 7 · EPSS 0.94469
Exploits: 58 · References: 1
NCSC
added 2022/04/01 12:0 a.m. · 2 views

Vulnerability fixed in Zyxel Firewall and VPN systems

Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...

CVSS 9.8 · AI score 7.1 · EPSS 0.92364
Exploits: 0
Vulnrichment
added 2021/12/12 4:4 a.m. · 9 views

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...

AI score 10 · EPSS 0.94347
Exploits: 2 · References: 3