A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be...
9.8CVSS
9.7AI Score
0.003EPSS
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...
7.4AI Score
0.0005EPSS
Low: openssl and openssl-fips-provider security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data.....
6.7AI Score
0.003EPSS
Vitess vulnerable to infinite memory consumption and vtgate crash
Summary When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details When running the following query, the evalengine will try evaluate it and runs forever. select _utf16 0xFF The source of the bug lies in the.....
7.2AI Score
0.0004EPSS
Neos Flow Arbitrary file upload and XML External Entity processing
It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure,...
7.1AI Score
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...
7.3AI Score
0.0005EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...
6.6AI Score
0.0004EPSS
RCE (Remote Code Execution) in Confluence Data Center and Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of , allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...
7.8AI Score
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:Rocky Linux-28923) Security Fix(es): podman: full container escape at build time...
8.6AI Score
0.0005EPSS
Unencrypted traffic between pods when using Wireguard and an external kvstore
Impact For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. Patches This issue affects Cilium v1.14 before v1.14.7. This issue has been patched in Cilium v1.14.7. Workarounds There is no...
7.2AI Score
0.0004EPSS
Veeam Agent for Linux - veeamsnap and blksnap Extended Linux Distribution Support
This article describesVeeam Agent for Linux support for distribution versions released after the latest release of Veeam Agent for...
2.5AI Score
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.3AI Score
0.0004EPSS
Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService
The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the...
7.2AI Score
0.0004EPSS
OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving...
6.8AI Score
0.023EPSS
(RHSA-2024:2968) Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
7.3AI Score
0.001EPSS
(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]
In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...
6.5AI Score
0.0004EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.1AI Score
0.0004EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
6.7AI Score
0.001EPSS
openssl and openssl-fips-provider security update
openssl [1:3.0.7-27.0.3] - Enable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.2] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-27] - Use certified FIPS module instead of...
7.6AI Score
0.003EPSS
Directory traversal in github.com/kataras/iris and github.com/kataras/iris/v12
The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory. This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames...
8.7AI Score
0.003EPSS
device-mapper-persistent-data bug fix and enhancement update
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release,...
6.8AI Score
Exploit for Improper Input Validation in Microsoft
Pachine Python implementation for CVE-2021-42278 (Active...
8.6AI Score
Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.2AI Score
0.003EPSS
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
8.5AI Score
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
8.4AI Score
(RHSA-2024:2952) Moderate: resource-agents security and bug fix update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
7AI Score
0.001EPSS
gcc-toolset-13-annobin bug fix and enhancement update
An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
6.9AI Score
python-into-dbus-python bug fix and enhancement update
An update is available for python-into-dbus-python. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the....
6.8AI Score
Excessive resource consumption in net/http, net/textproto and mime/multipart
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of...
8.3AI Score
0.005EPSS
Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate.....
6.4AI Score
0.003EPSS
Unbounded memory growth in net/http and golang.org/x/net/http2
An attacker can cause unbounded memory growth in servers accepting HTTP/2...
7.7AI Score
0.003EPSS
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...
8.4CVSS
7.3AI Score
0.0004EPSS
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size...
8.5AI Score
0.003EPSS
[Out of Bounds Read and Write in onQueueFilled in outQueue in libstagefright_soft_mpeg4dec]
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
mingw-qemu-ga-win bug fix and enhancement update
An update is available for mingw-qemu-ga-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....
6.8AI Score
Reviews and Rating – Google Reviews < 5.3 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated.....
5.8AI Score
0.0004EPSS
Vitess vulnerable to infinite memory consumption and vtgate crash
Summary When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details When running the following query, the evalengine will try evaluate it and runs forever. select _utf16 0xFF The source of the bug lies in the.....
7.2AI Score
0.0004EPSS
miekg/dns parsing error leads to nil pointer dereference and DoS
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of...
7.1AI Score
0.002EPSS
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by.....
9.7AI Score
0.001EPSS
Security Misconfiguration org.eclipse.jetty:jetty-server Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-server Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-server Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.2AI Score
0.012EPSS
(RHSA-2023:7370) Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-4128,...
8.4AI Score
0.017EPSS
An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
8.4AI Score
An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
8.4AI Score
Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications
Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications (Veeam Plug-in for SAP HANA, Veeam Plug-in for Oracle RMAN, Veeam Plug-in for SAP on Oracle, Veeam Plug-in for Microsoft SQL...
7.4AI Score
(RHSA-2024:2845) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) Bug Fix(es): kernel: untrusted...
6.3AI Score
0.0004EPSS
Denial of service in net/http and golang.org/x/net/http2
HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of...
7.6AI Score
0.002EPSS
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin...
6AI Score
0.001EPSS
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input......
9.4AI Score
0.968EPSS
Improve one-time permissions handling and revoking mechanism to prevent security issues
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
6.7AI Score
0.0004EPSS