Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
PT-2024-3288 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.39.6 and earlier, 1.40.x versions prior to 1.40.2, 1.41.x versions prior to 1.41.1 Description: An issue was discovered in WikibaseLexeme, related to inadequate access control. This issue allows an attacker to make an edi...
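The affected-version statement above spans three release branches with different cut-offs, which is easy to get wrong in a one-line string compare (1.40.0 is affected even though it is "newer" than 1.39.7, which is not). The check below encodes the ranges exactly as the listing states them and tests an installed version against each branch separately. It is an added example, not code from the listing or from MediaWiki; the sample versions at the bottom are constructed for illustration.

```python
"""Branch-aware "is this install affected?" check for the MediaWiki entry above.

Affected, as stated in the listing:
  - 1.39.6 and earlier
  - 1.40.x prior to 1.40.2
  - 1.41.x prior to 1.41.1
Added example; not part of the original listing or the MediaWiki project.
"""
from __future__ import annotations


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.40.2' into (1, 40, 2) so tuples compare numerically, not lexically."""
    return tuple(int(part) for part in version.strip().split("."))


# One rule per range in the listing.  "branch" pins a rule to a minor series;
# a rule without a branch is an upper bound on every earlier release.
AFFECTED_RULES: list[dict] = [
    {"branch": None,    "max_inclusive": (1, 39, 6)},  # 1.39.6 and earlier
    {"branch": (1, 40), "fixed": (1, 40, 2)},          # 1.40.x prior to 1.40.2
    {"branch": (1, 41), "fixed": (1, 41, 1)},          # 1.41.x prior to 1.41.1
]


def is_affected(version: str) -> bool:
    """True when `version` falls inside any affected range from the listing."""
    v = parse_version(version)
    for rule in AFFECTED_RULES:
        if rule["branch"] is None:
            if v <= rule["max_inclusive"]:
                return True
        elif v[:2] == rule["branch"] and v < rule["fixed"]:
            return True
    return False


def minimum_fixed_version(version: str) -> str | None:
    """Return the first fixed release on the same branch, or None if not affected.

    For 1.39 and earlier the listing names no fixed 1.39 release, only that
    1.39.6 and earlier are affected, so the next patch level (1.39.7) is an
    assumption made here, not something the listing states.
    """
    if not is_affected(version):
        return None
    v = parse_version(version)
    for rule in AFFECTED_RULES:
        if rule["branch"] is not None and v[:2] == rule["branch"]:
            return ".".join(map(str, rule["fixed"]))
    return "1.39.7"  # assumption: next patch after the stated 1.39.6 cut-off


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for installed in ["1.35.11", "1.39.6", "1.39.7", "1.40.0", "1.40.2", "1.41.0", "1.41.1"]:
        print(f"{installed:>8}: affected={is_affected(installed)} "
              f"upgrade_to={minimum_fixed_version(installed)}")
```

Note that a plain string comparison such as `"1.40.0" < "1.39.7"` would misclassify the 1.40 branch; the tuple comparison plus the per-branch rules avoids that.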
CLSA-2024-1706026767 Fix CVE(s): CVE-2023-39804
SECURITY UPDATE: denial of service attack - debian/patches/CVE-2023-39804.patch: Fix handling of extended header prefixes. - CVE-2023-39804.patch...
Oracle Solaris Critical Patch Update : jan2024_SRU11_4_63_157_1
The version of Solaris installed on the remote host is prior to 11.4.63.157.1. It is, therefore, affected by a vulnerability as referenced in the solaris11jan2024SRU114631571 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is...
Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024...
Oracle Patch Update, January 2024 Security Update Review
Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...
PT-2024-1074
Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions 8.0.x through 8.5.3 Description A template injection vulnerability in older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve remote code execution (RCE) on an affected...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: remote code execution (administrator/root rights); remote code execution (user rights); access to sensitive data; increased user rights...
PT-2023-26359 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12 Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds_auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...
PT-2023-8145
Name of the Vulnerable Software and Affected Versions Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001 Description The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis...
Important: kernel-livepatch-6.1.59-84.139
Issue Overview: x86: KVM: SVM: always update the x2avic msr interception CVE-2023-5090 A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's...
PT-2023-9066 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3,...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP endpoint (listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
Security Bulletin: Java SE issues disclosed in the Oracle October 2023 Critical Patch Update plus CVE-2023-5676
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. For more information please refer to Oracle's October 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
PT-2023-15224 · WordPress · Email Templates Customizer/Designer
Name of the Vulnerable Software and Affected Versions: Email Templates Customizer and Designer for WordPress and WooCommerce versions 1.4.2 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the Email Templates Customizer and Designer for WordPress and WooCommerce, allowing...
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform affected versions not specified ezsystems/ezpublish-kernel affected versions not specified Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
Important: kernel-livepatch-6.1.29-50.88
Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...
Oracle Solaris Critical Patch Update : oct2023_SRU11_4_61_151_2
The remote host is affected by a Denial of Service vulnerability which could be exploited by a low privileged attacker with logon to the infrastructure where Oracle Solaris executes. ...
Oracle Releases October 2023 Critical Patch Update Advisory
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle...
Oracle WebLogic Server (October 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the October 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...