PT-2024-5083
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition versions 20.3.14, 21.3.10. Description: The vulnerability in the Oracle Java...
Oracle Critical Patch Update Advisory - July 2024
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
kernel: net/mlx5: Properly link new fs rules into the tree
CVE-2024-35960 is a vulnerability in the Linux kernel's Mellanox MLX5 driver that affects flow steering rule handling. When identical rules are created and referenced multiple times, they can fail to properly link into the rule tree, leaving them uninitialized. This can cause system crashes durin...
PT-2024-26002 · Librtp.So · Librtp.So
Name of the Vulnerable Software and Affected Versions: librtp.so versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper input validation in parsing RTCP SR packets, which allows remote attackers to trigger a temporary denial of service. User interaction is required...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.16.0 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
PT-2024-27777 · Craft Cms · Craft Cms
Name of the Vulnerable Software and Affected Versions: Craft CMS versions up to v3.7.31 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "GraphQL API endpoint". There is no information provided about the estimated number of potentiall...
CLSA-2024-1718202753 Fix CVE(s): CVE-2023-4016
SECURITY UPDATE: Ability to write almost unlimited amounts of unfiltered data into the process heap - debian/patches/CVE-2023-4016-2.patch: ps: extended fix of the CVE-2023-4016 - fix possible buffer overflow in -C option. - CVE-2023-4016...
Pixel Update Bulletin—June 2024
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-06-05 or later address all issues in this bulletin and all issues in the June 2024 Android Securit...
PT-2024-4224 · Adobe · Audition
Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 24.2, 23.6.4 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations...
CGA-P4VX-7FG6-H88C
Bulletin has no description...
Campbell Scientific CSI Web Server
1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
PT-2024-23983 · WordPress · The Master Addons
Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including, 2.0.6.0 Description: The issue is related to Stored Cross-Site Scripting via the title html tag...
CVE-2024-27082
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular...
PT-2024-20388 · Zoho · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7203 and prior Description: The issue is related to a Privilege Escalation vulnerability in the Modify Computers option. This vulnerability allows for improper privilege management, which can lead...
Fedora 40 : clamav (2024-34474f346b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-34474f346b advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand
Summary There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified...
Oracle Releases Critical Patch Update Advisory for April 2024
Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following...
Oracle Solaris Critical Patch Update : apr2024_SRU11_4_54_138_1
The version of Solaris installed on the remote host is prior to 11.4.54.138.1. It is, therefore, affected by a vulnerability as referenced in the solaris11apr2024SRU114541381 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. The supported version that i...
Oracle Critical Patch Update Advisory - April 2024
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
GHSA-QJX3-2G35-6HV8 Mautic Sensitive Data Exposure due to inadequate user permission settings
Impact Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. Patches Update to 4.4.12 and 5.0.4...