1848 matches found
Oracle Critical Patch Update, October 2024 Security Update Review
Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001358 fixes several issues. The following security issues were fixed: CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...
PT-2024-6594 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6 Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...
Important: Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security update
An update for kpatch-patch-4180-3051201 and kpatch-patch-4180-3051381 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score...
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Impact A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. Patches The problem will be fixed in version 7.3. Workarounds If the application does not require access to the module string, it can remove it from...
CGA-GW7P-4CFF-Q8RM
Bulletin has no description...
RHSA-2020:1852 Red Hat Security Advisory: patch security and bug fix update
Bulletin has no description...
Oracle DB SQL Injection Via SYS.LT.FINDRICSET Evil Cursor Method
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method', 'Description' = %q This module will escalate an Oracle DB user to DBA by...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
kernel: netfilter: validate user input for expected length
CVE-2024-35896 is a vulnerability in the Linux kernel's Netfilter component, where the setsockopt function fails to properly validate the length of user-supplied data before copying it into kernel space. This oversight can lead to out-of-bounds memory access, potentially causing system crashes or...
PT-2024-30251 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A reflected cross-site scripting XSS issue in the dl liuyan save.php component allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. This enables the...
PT-2024-9653 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could be exploited by an attacker to execute arbitrary code in the context of the...
Important: kernel-livepatch-5.10.218-206.860
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-5.10.218-206.860 Issue Correction: Please ensure you have live patching enabled. Run yum update...
PT-2024-37723 · WordPress · Ebook Store
Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001 Description: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure due to the plugin utilizing fpdi-protection and not preventing direct access to tes...
PT-2024-38171 · 1E +1 · 1E Platform +1
Name of the Vulnerable Software and Affected Versions: 1E Platform affected versions not specified Duende Identity Server affected versions not specified Description: The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2024-20918, CVE-2024-20921 and CVE-2023-33850 were disclosed in the Oracle 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...
Photon OS 4.0: Linux PHSA-2024-4.0-0607
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0607. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Oracle Releases Critical Patch Update Advisory for July 2024
Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Orac...
Oracle Critical Patch Update, July 2024 Security Update Review
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-part...