1848 matches found

SUSE Linux
added 2024/12/06 3:4 p.m. · 3 views

Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122216 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. CVE-2024-35863: Fixed potential UA...

CVSS 7.8 · AI score 7.8 · EPSS 0.0072
Exploits: 2 · References: 68

Positive Technologies
added 2024/12/05 12:0 a.m. · 1 views

PT-2024-9183 · Abb · Abb Aspect +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: Information Disclosure vulnerabilities allow access to application configuration information. The issue is related to errors in...

CVSS 8.8 · AI score 7.5 · EPSS 0.00289
Exploits: 2 · References: 9

SUSE Linux
added 2024/12/02 7:50 p.m. · 0 views

Security update for python3-virtualenv

This update for python3-virtualenv fixes the following issues: Security issue fixed: CVE-2024-53899: Fixed a command injection through activation scripts bsc1233706 Non-security issue fixed: Relax version requirements that cannot be provided bsc1232072 Patch Instructions: To install this SUSE...

CVSS 7.8 · AI score 8.7 · EPSS 0.00226
Exploits: 1 · References: 6

Positive Technologies
added 2024/11/28 12:0 a.m. · 3 views

PT-2024-16745 · Tumult · Tumult Hype Animations

Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations plugin for WordPress versions up to, and including, 1.9.15 Description: The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations...

CVSS 9.9 · AI score 8.1 · EPSS 0.12182
Exploits: 0 · References: 12

Positive Technologies
added 2024/11/24 12:0 a.m. · 2 views

PT-2024-17154 · Unknown · 1000 Projects Beauty Parlour Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /admin/edit-services.php...

CVSS 9.8 · AI score 8 · EPSS 0.00097
Exploits: 1 · References: 11

AstraLinux
added 2024/11/23 3:4 a.m. · 4 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...

CVSS 10 · AI score 7.3 · EPSS 0.06541
Exploits: 1 · References: 3

Positive Technologies
added 2024/11/18 12:0 a.m. · 4 views

PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...

CVSS 8 · AI score 9.2 · EPSS 0.01015
Exploits: 0 · References: 13

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-16666 · WordPress · Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...

CVSS 8.8 · AI score 9.9 · EPSS 0.06001
Exploits: 0 · References: 9

Positive Technologies
added 2024/11/12 12:0 a.m. · 3 views

PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller +1

Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller ADC and Citrix NetScaler Gateway affected versions not specified Description: The issue is related to a memory safety vulnerability that can lead to memory corruption and Denial of Service in...

CVSS 8.4 · AI score 7.6 · EPSS 0.01347
Exploits: 0 · References: 31

Tenable Nessus
added 2024/11/08 12:0 a.m. · 11 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2821)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an...

CVSS 5.3 · AI score 7.1 · EPSS 0.08428
Exploits: 1 · References: 2

OSV
added 2024/11/06 7:25 p.m. · 3 views

CLSA-2024-1730919779 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...

CVSS 4.8 · AI score 6.7 · EPSS 0.00171
Exploits: 0 · References: 1

OSV
added 2024/11/06 7:19 p.m. · 4 views

CLSA-2024-1730920734 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...

CVSS 4.8 · AI score 6.7 · EPSS 0.00171
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/05 12:0 a.m. · 4 views

PT-2024-16583 · Unknown · Romadebrian Web-Sekolah

Name of the Vulnerable Software and Affected Versions: romadebrian WEB-Sekolah version 1.0 Description: A critical vulnerability was found in the Mail Handler component of romadebrian WEB-Sekolah. The manipulation of the Name argument in the /Proses Kirim.php file leads to SQL injection. The atta...

CVSS 8 · AI score 8.3 · EPSS 0.00263
Exploits: 1 · References: 9

Tenable Nessus
added 2024/11/04 12:0 a.m. · 14 views

RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2016:1601)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1601 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

CVSS 8.1 · AI score 6.8 · EPSS 0.02375
Exploits: 0 · References: 29

Positive Technologies
added 2024/10/31 12:0 a.m. · 2 views

PT-2024-16392 · Safenet · Esafenet Cdg 5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical vulnerability was found in ESAFENET CDG 5, affecting the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. This vulnerability leads to SQL injection and...

CVSS 9.8 · AI score 7.1 · EPSS 0.00096
Exploits: 1 · References: 13

Circl
added 2024/10/26 8:53 a.m. · 5 views

CVE-2024-0128

creationtimestamp| type| source
---|---|---
2024-10-26 08:53:12+00:00| seen| None
2024-10-26 08:53:14+00:00| confirmed| None
2024-10-26 08:53:59+00:00| patched| None
2024-10-26 08:59:46+00:00| seen| https://vulnerability.circl.lu/bundle/174bfb43-ffb3-48e4-bbf8-ad2028e270f2
2024-10-26...

CVSS 7.1 · AI score 5.7 · EPSS 0.00071
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/22 12:0 a.m. · 8 views

PT-2024-39349 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 6.2 GA through fix pack 173 Liferay Portal versions 7.0 GA through fix pack 102 Liferay Portal versions 7.0.0 through 7.4.3.101 Liferay DXP versions 7.1 GA through fix pack 28 Liferay DXP versions 7.2 GA through fix pa...

CVSS 9.6 · AI score 7.3 · EPSS 0.00381
Exploits: 0 · References: 11

Tenable Nessus
added 2024/10/18 12:0 a.m. · 60 views

Oracle Essbase Multiple Vulnerabilities (October 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform curl. The supported version that is affected is 21.6. Easily...

CVSS 9.8 · AI score 7.2 · EPSS 0.25097
Exploits: 7 · References: 9

Positive Technologies
added 2024/10/18 12:0 a.m. · 3 views

PT-2024-39683 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 versions prior to 12.1.3 ScienceLogic SL1 versions prior to 12.2.3 ScienceLogic SL1 versions prior to 12.3+ ScienceLogic SL1 versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x Description: The issue involves an unspecified...

CVSS 9.8 · AI score 7.9 · EPSS 0.63906
Exploits: 0 · References: 45

CISA
added 2024/10/17 12:0 p.m. · 4 views

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following...

AI score 7.3
Exploits: 0 · References: 1