CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2

CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2. A patched version of the package is available...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-8876)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8876 advisory. - Rebase to Go1.22.5 to fix CVE-2024-24791 - Addresses CVEs-2024-24789 and CVE-2024-24790 - Rebase to Go1.22.5 to fix CVE-2024-24791 - Addresses CVEs-2024-24789...

PT-2025-11655 · Synology · Synology Application Service +1

Name of the Vulnerable Software and Affected Versions: Synology Replication Service versions prior to 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423 Synology Unified Controller DSMUC versions prior to 3.1.4-23079 Description: The vulnerability is an off-by-one error in the transmission component of...

CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2

CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...

CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2

CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...

CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1

CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...

Ruby REXML < 3.3.9 ReDoS vulnerability

The version of the REXML Ruby library installed on the remote host is prior to 3.3.9. It is, therefore, affected by a ReDoS vulnerability. The vulnerability lies when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with...

PT-2024-33175 · Unknown · Total.Js Cms

Name of the Vulnerable Software and Affected Versions: Total.js CMS version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the func.js file. Recommendations: For Total.js CMS version 1.0, update the func.js file to prevent arbitrary code execution or consider...

CLSA-2024-1729629058 python-lxml: Fix of CVE-2021-43818

CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner...

CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927

SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.forceredirect configuration - CVE-2024-8927...

PT-2024-33260 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: An improper access control vulnerability could allow a local attacker to escalate privileges on affected installations. To exploit this issue, an attacker must first obtain the ability t...

DEBIAN-CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1

CVE-2024-44990 affecting package kernel for versions less than 6.6.51.1-1. An upgraded version of the package is available that resolves this issue...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-43855)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43855 advisory. - In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddevsuspend an...

BIT-DISCOURSE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...

PT-2024-31983 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202406.d Description: A cross-site scripting XSS issue was discovered in PublicCMS via a crafted script to the Category Management feature. This allows for potential exploitation. Recommendations: For PublicCMS version...

PT-2025-17629

Name of the Vulnerable Software and Affected Versions Intel CPUs from 9th generation onward affected versions not specified Description The issue is related to a flaw in the branch predictor component of Intel CPUs, which can be exploited to leak sensitive data from privileged memory. This is due...

CGA-V559-JW8J-X9QX

Bulletin has no description...

CGA-8473-P45J-P2JG

Bulletin has no description...

CVE-2024-9007 jeanmarc77 123solar detailed.php cross site scripting

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...