Lucene search

1848 matches found

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-21416 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 7.2.5 Description: The issue allows authenticated attackers with administrator access and above to read the contents of arbitrary zip files on the server, which can contain...

6.8 CVSS · 9.4 AI score · 0.01859 EPSS
Exploits 0 · References 6
SUSE CVE
added 2024/04/05 2:21 a.m. · 1 views

SUSE CVE-2024-26667

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup. The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...

5.5 CVSS · 6.2 AI score · 0.00024 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/04/04 12:0 a.m. · 3 views

PT-2024-21097

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 10.8.1 through 11.2 ArcGIS Enterprise versions 11.1 and below Description The issue is related to improper authentication in the Home application, which could potentially allow a remote, unauthenticated attacker...

8.5 CVSS · 5.5 AI score · 0.01591 EPSS
Exploits 0 · References 7
OSV
added 2024/03/27 6:38 p.m. · 2 views

CLSA-2024-1711564698 Update of alt-php

New upstream 2024a version: - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - zic no longer pretends to support indefinite-past DST. - localtime no longer mishandles Ciudad Juárez in 2422. New upstream 2023d version: - Ittoqqortoormiit,...

5.8 AI score
Exploits 0 · References 1
OSV
added 2024/03/27 6:30 p.m. · 2 views

CLSA-2024-1711564218 Update of alt-php

New upstream 2024a version: - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - zic no longer pretends to support indefinite-past DST. - localtime no longer mishandles Ciudad Juárez in 2422. New upstream 2023d version: - Ittoqqortoormiit,...

5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-23236 · Elementor · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons versions through 5.5.3 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...

6.5 CVSS · 8.8 AI score · 0.00155 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/03/21 12:0 a.m. · 3 views

PT-2024-23086 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.187 Description: The issue concerns a weak security check in the uploadLogo function within the OrganisationsController.php file. This function does not properly validate logo uploads. Recommendations: For versions...

9.8 CVSS · 6.5 AI score · 0.00111 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/03/19 12:0 a.m. · 4 views

PT-2024-21379 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A problematic issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file "/vpnweb/resetpwd/resetpwd.php". Th...

5.3 CVSS · 5 AI score · 0.00072 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-8061 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the handling of AcroForms, which can be exploited by remote attackers to...

7.8 CVSS · 8 AI score · 0.02223 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-8062 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

7.8 CVSS · 8 AI score · 0.02223 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-8063 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the handling of AcroForms, which can be exploited by remote attackers to...

7.8 CVSS · 8 AI score · 0.02223 EPSS
Exploits 0 · References 5
OSV
added 2024/03/04 2:24 p.m. · 2 views

CLSA-2024-1709562273 Fix CVE(s): CVE-2023-51766

SECURITY UPDATE: SMTP smuggling because of . support - debian/patches/CVE-2023-51766.patch: reject "dot, LF" as ending data phase. Testcase for "smtp smuggling". - CVE-2023-51766...

5.3 CVSS · 7.3 AI score · 0.01642 EPSS
Exploits 1 · References 1
Amazon
added 2024/03/04 12:0 a.m. · 31 views

Medium: ncurses

Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

5.4 AI score
Exploits 0
OSV
added 2024/02/28 9:15 a.m. · 3 views

CVE-2021-47036

In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets. If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there are UDP tunnels available in the system, udp_gro_receive could end up doing L4 aggregation either SKB_GSO_UDP_L4 or...

5.5 CVSS · 6.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-22130 · Frrouting +4 · Frrouting +4

Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 9.1 Description: The issue allows remote attackers to cause a denial of service, resulting in the ospfd daemon crash, via a malformed OSPF LSA packet. This occurs because of an attempted access to a missing...

9.8 CVSS · 7.6 AI score · 0.0424 EPSS
Exploits 3 · References 91
Malwarebytes
added 2024/02/23 1:37 p.m. · 31 views

Update now! ConnectWise ScreenConnect vulnerability needs your attention

ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage...

7.5 CVSS · 8.8 AI score · 0.94352 EPSS
Exploits 8
Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-17955

Name of the Vulnerable Software and Affected Versions SKT Page Builder plugin for WordPress versions up to, and including, 4.1 Microsoft Outlook client affected versions not specified Description The issue allows for unauthorized modification of data due to a missing capability check on the...

4.3 CVSS · 6.8 AI score · 0.00119 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/02/20 12:0 a.m. · 1 views

PT-2024-20785 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.2 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 15 Description: The Calendar module in the affected software does not escape user-supplied data in the default notification emai...

5.4 CVSS · 5.7 AI score · 0.00426 EPSS
Exploits 0 · References 8
IBM Security Bulletins
added 2024/02/14 5:51 a.m. · 37 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CV...

3.7 CVSS · 5.7 AI score · 0.00141 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-1646

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the February 2024 patch update are affected, including Windows 10 and Windows 11. Description The vulnerability is related to Internet Shortcut Files and allows attackers to bypass Microsoft Defender...

9.4 CVSS · 8.4 AI score · 0.9377 EPSS
Exploits 2 · References 390