Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
Category Archives: Advisories
Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for remote code execution. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and authentication) and apply those settings on a schedule throughout the network. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs or view, change, or delete data.
httpd-2.4.59-2.fc40
FEDORA-2024-937be154d8
Packages in this update:
httpd-2.4.59-2.fc40
Update description:
This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complete details of the changes in this release.
httpd-2.4.59-2.fc39
FEDORA-2024-d0dccd6b96
Packages in this update:
httpd-2.4.59-2.fc39
Update description:
This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complete details of the changes in this release.
USN-6729-2: Apache HTTP Server vulnerabilities
USN-6729-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS.
(CVE-2024-27316)
python-pip-23.2.1-2.fc39
FEDORA-2024-b72bc39c00
Packages in this update:
python-pip-23.2.1-2.fc39
Update description:
Security fix for CVE-2023-5752
python-pip-22.3.1-4.fc38
FEDORA-2024-600031d2e9
Packages in this update:
python-pip-22.3.1-4.fc38
Update description:
Security fix for CVE-2023-5752
putty-0.81-1.el8
FEDORA-EPEL-2024-99cf4e74b7
Packages in this update:
putty-0.81-1.el8
Update description:
Security fix for CVE-2024-31497.
putty-0.81-1.el9
FEDORA-EPEL-2024-79f96e9d05
Packages in this update:
putty-0.81-1.el9
Update description:
Security fix for CVE-2024-31497.
putty-0.81-1.fc38
FEDORA-2024-08a4a5ead8
Packages in this update:
putty-0.81-1.fc38
Update description:
Security fix for CVE-2024-31497.