Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
6.1AI Score
(RHSA-2024:1921) Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.6AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0141 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory. jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) bootstrap: XSS in the data-target attribute...
7.9AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0142 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023) Note that Nessus has not tested for this...
7.2AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5195 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...
7.8AI Score
CVE-2024-5051 SourceCodester Gas Agency Management System edituser.php sql injection
A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...
7AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...
6.3CVSS
7.5AI Score
0.0004EPSS
Intel Active Management - Authentication Bypass
Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision....
7.1AI Score
0.974EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0140 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8AI Score
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2026 advisory. slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) Note that Nessus has not tested for this issue but has instead...
7.4AI Score
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1533 advisory. FreeIPA: CSRF vulnerability (CVE-2011-3636) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.5AI Score
[1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix [1.4.3.39-2] - Bump version to 1.4.3.39-2 - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to...
7.3AI Score
0.0004EPSS
CVE-2023-5455 Ipa: invalid csrf protection
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
6.4AI Score
0.001EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's...
6.8AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0378 advisory. ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195) ipa: Denial of service in IPA server due to wrong use...
7.9AI Score
RHEL 5 : ipa-client (RHSA-2013:0189)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0189 advisory. ipa: weakness when initiating join from IPA client can potentially compromise IPA domain (CVE-2012-5484) Note that Nessus has not tested for this...
8.6AI Score
japan-ems.jp Improper Access Control vulnerability OBB-3843640
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection...
7AI Score
0.01EPSS
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard...
3.5AI Score
Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. (CVE-2024-1481) Affected Packages: ipa Note: This...
7.4AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
6.5AI Score
Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)
Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.5AI Score
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
8.6AI Score
0.001EPSS
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being...
7.1AI Score
0.0004EPSS
Exploit for Out-of-bounds Read in Polkit Project Polkit
Polkit-Permission-promotion-compiled Polkit privilege escalation package CVE-2021-4034...
8.1AI Score
Intel Management Engine Active Management Technology (AMT) Remote Access Enabled
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is remotely...
1.4AI Score
How FHE Technology Is Making End-to-End Encryption a Reality
By Uzair Amir Is End-to-End Encryption (E2EE) a Myth? Traditional encryption has vulnerabilities. Fully Homomorphic Encryption (FHE) offers a new hope… This is a post from HackRead.com Read the original post: How FHE Technology Is Making End-to-End Encryption a...
7.4AI Score
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached....
7.1CVSS
7.3AI Score
0.0004EPSS
Symmetricom SyncServer Unauthenticated - Remote Command Execution
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection...
9.9AI Score
0.771EPSS
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.5AI Score
0.0004EPSS
japan-soil.info Improper Access Control vulnerability OBB-3838724
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3044 advisory. bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves:...
7.8AI Score
japan-partner.com Cross Site Scripting vulnerability OBB-3839169
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to...
6.2AI Score
0.001EPSS
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...
6.5AI Score
0.001EPSS
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...
7.6AI Score
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
7.8AI Score
0.0004EPSS
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...
5.9CVSS
6.7AI Score
0.0004EPSS
FreeIPA logs passwords embedded in commands in calls using batch
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with.....
6.6AI Score
0.001EPSS
An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...
7.2AI Score
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
6.1CVSS
6AI Score
0.002EPSS
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...
5.6AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. This affects an unknown part of the file /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx. The manipulation of.....
8.8CVSS
8.6AI Score
0.001EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS