389-ds-base: Security Vulnerabilities
rdma-core bug fix and enhancement update
An update is available for rdma-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
dnf-plugins-core bug fix and enhancement update
An update is available for dnf-plugins-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky.....
6.8AI Score
freeipmi bug fix and enhancement update
An update is available for freeipmi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
An update is available for gdk-pixbuf2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gdk-pixbuf2 packages provide an image loading library that can be...
7.8CVSS
7.1AI Score
0.001EPSS
An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...
7.5AI Score
0.0004EPSS
realmd bug fix and enhancement update
An update is available for realmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10....
6.8AI Score
intel-cmt-cat bug fix and enhancement update
An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
libsoup bug fix and enhancement update
An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.1....
6.8AI Score
An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...
5.3CVSS
7.2AI Score
0.001EPSS
perl-HTTP-Tiny bug fix and enhancement update
An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
An update is available for traceroute. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The traceroute utility displays the route used by IP packets on their way....
5.5CVSS
6.6AI Score
0.0004EPSS
An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and...
7.3AI Score
An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of.....
7AI Score
0.0004EPSS
An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon (SSSD) service provides a set of daemons to....
7.1CVSS
7.2AI Score
0.0004EPSS
An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB),.....
7.8CVSS
7AI Score
0.001EPSS
An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the...
7.5CVSS
7.8AI Score
0.05EPSS
acl bug fix and enhancement update
An update is available for acl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.1...
6.8AI Score
tuned bug fix and enhancement update
An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10.....
6.8AI Score
alsa-sof-firmware bug fix and enhancement update
An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....
6.8AI Score
kexec-tools bug fix and enhancement update
An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....
6.8AI Score
c-ares bug fix and enhancement update
An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10....
6.8AI Score
Summary IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code when XMLUnit is used to transform data with a stylesheet from an untrusted source. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-31573 ...
7.8AI Score
EPSS
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4067 DESCRIPTION: **Node.js micromatch module is vulnerable to a...
7.5CVSS
7.5AI Score
0.0004EPSS
Summary An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-21012 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....
3.7CVSS
6.4AI Score
0.001EPSS
Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
8.2CVSS
9.2AI Score
0.025EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
A flaw was found in libyaml, where it is vulnerable to a buffer overflow. This issue affects the yaml_emitter_emit function in the /src/libyaml/src/emitter.c. file, leading to a double-free problem. Mitigation Mitigation for this issue is either not available or the currently available options...
6.9AI Score
0.0004EPSS
A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red.....
6.8AI Score
0.0004EPSS
A stack-based buffer overflow flaw was found in GStreamer. This issue may lead to code execution while parsing tile list data within AV1-encoded video files. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...
7.5CVSS
8.9AI Score
0.0005EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
7.2CVSS
7.9AI Score
0.0004EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...
7.2CVSS
0.0004EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...
7.2CVSS
7.8AI Score
0.0004EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
7.2CVSS
0.0004EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....
7.2CVSS
7.9AI Score
0.0004EPSS
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....
7.2CVSS
0.0004EPSS
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...
9.8CVSS
7.7AI Score
0.0004EPSS
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...
9.8CVSS
0.0004EPSS
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...
9.8CVSS
8AI Score
0.0004EPSS
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...
9.8CVSS
0.0004EPSS
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...
6.5CVSS
0.0004EPSS
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...
6.5CVSS
6.5AI Score
0.0004EPSS
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...
6.2CVSS
0.0004EPSS
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...
6.2CVSS
6.6AI Score
0.0004EPSS
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...
6.2CVSS
0.0004EPSS
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...
6.2CVSS
6.5AI Score
0.0004EPSS
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...
6.2CVSS
6.6AI Score
0.0004EPSS
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...
6.2CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
7AI Score
0.0004EPSS
CVE-2024-27178 Remote Code Execution
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
7.2CVSS
0.0004EPSS
CVE-2024-27178 Remote Code Execution
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...
7.2CVSS
7.9AI Score
0.0004EPSS