
1848 matches found

Positive Technologies
added 2023/07/12 12:0 a.m. · 2 views

PT-2023-4000 · Juniper Networks · Srx Series +2

Name of the Vulnerable Software and Affected Versions: Juniper Networks SRX Series and MX Series versions prior to SigPack 3598 Description: The issue is related to an improper validation of syntactic correctness of input in the Intrusion Detection and Prevention (IDP) system of Junos OS, allowing ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00184
Exploits: 0 · References: 5
OSV
added 2023/07/10 5:27 p.m. · 2 views

CLSA-2023-1689010064 Fix CVE(s): CVE-2022-29885

SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-2988...

CVSS 7.5 · AI score 7.2 · EPSS 0.55532
Exploits: 5 · References: 1
The Hacker News
added 2023/07/07 7:24 a.m. · 4 views

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak...

CVSS 9.8 · AI score 8.6 · EPSS 0.05226
Exploits: 1
Positive Technologies
added 2023/07/01 12:0 a.m. · 3 views

PT-2023-12514 · WordPress · Hm Multiple Roles

Name of the Vulnerable Software and Affected Versions: Multiple Roles plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is due to missing or incorrect nonce validation on the mu add roles in signup meta and mu add roles in signup meta recently functions. This allows...

CVSS 4.3 · AI score 4.5 · EPSS 0.00252
Exploits: 0 · References: 13
Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-25895 · Mediawiki +1 · Doublewiki Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki DoubleWiki extension versions through 1.39.3 Description: An issue was discovered in the DoubleWiki extension for MediaWiki that allows XSS via the column alignment feature in includes/DoubleWiki.php. Recommendations: For MediaWiki...

CVSS 9.8 · AI score 5.7 · EPSS 0.11025
Exploits: 27 · References: 106
Tenable Nessus
added 2023/06/30 12:0 a.m. · 6 views

Fedora 38 : suricata (2023-7e952959f8)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e952959f8 advisory. This is a security release, additionally fixing a number of important bugs. Tenable has extracted the preceding description block directly from the Fedora...

AI score 5.6
Exploits: 0 · References: 1
IBM Security Bulletins
added 2023/06/28 10:3 p.m. · 30 views

Security Bulletin: A security vulnerability has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition (CVE-2018-2755).

Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-2755...

CVSS 7.7 · AI score 7.7 · EPSS 0.00133
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2023/06/28 12:0 a.m. · 2 views

PT-2023-8202 · Opnsense · Opnsense

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary...

CVSS 10 · AI score 7.4 · EPSS 0.00983
Exploits: 1 · References: 7
IBM Security Bulletins
added 2023/06/19 3:34 p.m. · 32 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update, plus CVE-2023-2597. For more information please refer to Oracle's April 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

CVSS 9.1 · AI score 8.5 · EPSS 0.01156
Exploits: 1 · Affected Software: 1
Positive Technologies
added 2023/06/16 12:0 a.m. · 1 view

PT-2023-3326 · Libjxl +5 · Libjxl +5

Name of the Vulnerable Software and Affected Versions: libjxl versions prior to 0.8.2 Description: An issue in dec patch dictionary.cc can lead to a denial of service due to an integer underflow in patch decoding, potentially causing an infinite loop. The issue can be exploited by a remote attack...

CVSS 9.8 · AI score 7.3 · EPSS 0.00172
Exploits: 0 · References: 35
Amazon
added 2023/06/12 12:0 a.m. · 26 views

Important: jettison

Issue Overview: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of servic...

CVSS 7.5 · AI score 7.4 · EPSS 0.00263
Exploits: 2
RedHat Linux
added 2023/06/07 9:23 a.m. · 32 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.61 packages and security update

Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

CVSS 7.5 · AI score 6.7 · EPSS 0.00016
Exploits: 1 · References: 3
Positive Technologies
added 2023/06/07 12:0 a.m. · 3 views

PT-2023-5269 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. through 8.0.28 PHP versions 8.1. through 8.1.19 PHP versions 8.2. through 8.2.6 Description: The issue is related to the use of a random value generator with a narrower range of values than it should have when using SOAP HTT...

CVSS 9.8 · AI score 7 · EPSS 0.31766
Exploits: 16 · References: 184
Amazon
added 2023/05/31 12:0 a.m. · 2 views

Important: kernel-livepatch-5.10.178-162.673

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

CVSS 7.8 · AI score 6.8 · EPSS 0.01004
Exploits: 7
OpenVAS
added 2023/05/23 12:0 a.m. · 21 views

WordPress Mercado Pago payments for WooCommerce Plugin < 6.4.0 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mercadopago:mercadopagopaymentsforwoocommerce"; if descripti...

CVSS 8.8 · AI score 8.8 · EPSS 0.00106
Exploits: 0 · References: 1
CVE
added 2023/05/15 12:0 a.m. · 47 views

CVE-2023-20718

CVE-2023-20718 affects the vcu module in MediaTek chip families. The root cause is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and no user interaction needed. The entry lists patch ALPS07645181/ALPS07645...

CVSS 6.7 · AI score 6.7 · EPSS 0.00015
Exploits: 0 · References: 1 · Affected Software: 2
IBM Security Bulletins
added 2023/05/02 12:20 p.m. · 43 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™

Summary Multiple vulnerabilities were disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of...

CVSS 9.8 · AI score 9 · EPSS 0.00675
Exploits: 0 · Affected Software: 1
OSV
added 2023/04/27 7:36 p.m. · 21 views

GHSA-476G-V7HF-CW5M Cross-site Scripting (XSS) in Document Properties Parameter

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...

CVSS 5.2 · AI score 5.2 · EPSS 0.00012
Exploits: 1 · References: 5
Positive Technologies
added 2023/04/25 12:0 a.m. · 2 views

PT-2023-2452

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 17.x VMware Fusion versions 13.x Description The issue is related to a stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability m...

CVSS 8.2 · AI score 8.7 · EPSS 0.02177
Exploits: 0 · References: 39
FreeBSD
added 2023/04/25 12:0 a.m. · 33 views

git -- Multiple vulnerabilities

git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch CVE-2023-29007: A...

CVSS 7.8 · AI score 6.3 · EPSS 0.03559
Exploits: 2 · References: 2