236 matches found

BDU FSTEC
added 2024/09/03 12:0 a.m. | 6 views

The vulnerability of the net/mlx5e component in the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the net/mlx5e component in the Linux operating system is related to the assignment of null MAC during security patch updates. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 5.5 | AI score 5.9 | EPSS 0.00205
Exploits 0 | References 4 | Affected Software 2

Debian CVE
added 2024/07/29 6:36 a.m. | 16 views

CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block. This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

CVSS 7.1 | AI score 5.7 | EPSS 0.00224
Exploits 0

ICS
added 2024/06/20 6:0 a.m. | 22 views

Yokogawa CENTUM

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Yokogawa Equipment : CENTUM Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

CVSS 8.5 | AI score 8.7 | EPSS 0.00339
Exploits 0 | References 10

Tenable Nessus
added 2024/06/03 12:0 a.m. | 61 views

RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the...

CVSS 7.6 | AI score 6.9 | EPSS 0.76875
Exploits 23 | References 274

Cvelist
added 2024/05/22 4:46 p.m. | 28 views

CVE-2024-36077

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 14.173.3...

CVSS 8.8 | AI score 9 | EPSS 0.00551
Exploits 0 | References 1

OSV
added 2024/05/06 7:15 a.m. | 1 views

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer...

CVSS 6.1 | AI score 5.9 | EPSS 0.00575
Exploits 0 | References 3

Prion
added 2024/02/12 9:15 a.m. | 17 views

Code injection

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved...

CVSS 6.8 | AI score 7.2 | EPSS 0.00528
Exploits 0 | References 2

OSV
added 2024/01/12 5:43 p.m. | 4 views

CLSA-2024-1705081413 Fix CVE(s): CVE-2023-46589

SECURITY UPDATE: Request smuggling - debian/patches/CVE-2023-46589-pre1.patch: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed - debian/patches/CVE-2023-46589-pre2.patch:...

CVSS 7.5 | AI score 6.9 | EPSS 0.02651
Exploits 0 | References 1

The Hacker News
added 2023/11/15 5:46 a.m. | 199 views

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity...

CVSS 9.8 | AI score 9.5 | EPSS 0.88196
Exploits 8

OSV
added 2023/09/12 7:15 p.m. | 3 views

CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...

CVSS 9.8 | AI score 7.2
Exploits 0 | References 1

Vulnrichment
added 2023/09/12 6:5 p.m. | 13 views

CVE-2023-4501 Authentication bypass in OpenText (Micro Focus) Enterprise Server

User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...

CVSS 9.8 | AI score 7.2 | EPSS 0.00621
Exploits 0 | References 1

OSV
added 2023/08/03 5:24 p.m. | 4 views

CLSA-2023-1691083477 Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484

SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases...

CVSS 7 | AI score 6.9 | EPSS 0.56636
Exploits 15 | References 1

Positive Technologies
added 2023/03/14 12:0 a.m. | 6 views

PT-2023-1662

Name of the Vulnerable Software and Affected Versions Microsoft Outlook affected versions not specified Description An elevation of privilege issue exists in Microsoft Outlook that allows a remote, unauthenticated attacker to compromise systems by sending a specially crafted email. The attack is...

CVSS 9.8 | AI score 8.3 | EPSS 0.97408
Exploits 18 | References 273

OSV
added 2022/11/23 10:3 p.m. | 2 views

CLSA-2022-1669241032 Fix CVE(s): CVE-2022-45061

SECURITY UPDATE: Uncontrolled resource consumption - debian/patches/CVE-2022-45061-v2.7.patch: Fix quadratic time idna decoding - CVE-2022-45061 Make tests to be compatible with expat 2.1.0 from tuxcare.els: - debian/patches/expat-regression-v2.7.patch: Make test suite support Expat =2.4.5...

CVSS 7.5 | AI score 6.9 | EPSS 0.02453
Exploits 1 | References 1

Positive Technologies
added 2022/09/30 12:0 a.m. | 4 views

PT-2022-25516 · Actian · Actian Zen Psql

Name of the Vulnerable Software and Affected Versions: Actian Zen PSQL versions prior to v15.11.005 Actian Zen PSQL versions prior to v15.01.017 Actian Zen PSQL versions prior to v14.21.022 Description: The issue arises when folder security is misconfigured, allowing an attacker with file...

CVSS 8.8 | AI score 8.4 | EPSS 0.00658
Exploits 0 | References 5

IBM Security Bulletins
added 2022/09/26 10:21 p.m. | 6 views

Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014

Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

AI score 2.5
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 15 views

Security Bulletin: Potential security vulnerabilities in IBM SDK for Java for WebSphere Application Server

Abstract The IBM WebSphere Application Server is shipped with an IBM Developer kit for Java that is based on the Oracle SDK. Oracle has released October 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM SDK for Java that WebSphere Application Server ships is...

AI score 6.5
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 30 views

Security Bulletin: IBM OmniFind Enterprise Edition and IBM Content Analytics – Oracle Critical Patch Updates February 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM OmniFind Enterprise Edition and IBM Content Analytics and products. Content The products listed below may be affected by security vulnerabilities reported by Oracle’s February 2013 Critical Patch...

CVSS 5 | AI score 6.4 | EPSS 0.35584
Exploits 2 | Affected Software 2

IBM Security Bulletins
added 2022/09/25 9:6 p.m. | 34 views

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager Content The products listed below might be affected by security vulnerabilities reported by Oracle’s April 2013 Critical Patch Updates: · IBM FileNet Business Proces...

CVSS 5 | AI score 0.4 | EPSS 0.35584
Exploits 2 | Affected Software 1

Vulnrichment
added 2022/09/16 9:40 p.m. | 5 views

CVE-2022-35987 `CHECK` fail in `DenseBincount` in TensorFlow

TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. We have...

CVSS 5.9 | AI score 7.5 | EPSS 0.00379
Exploits 0 | References 2