K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063
Security Advisory Description CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2018-1000802 Python Software Foundation Python (CPython)...
AI Score 8.4 | EPSS 0.01
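The plistlib fix referenced in the CVE-2022-48565 entry above works by refusing any entity declaration in the document's DTD. The following is an added example, not code from the Python project: it builds a constructed XML plist with an inline entity declaration and a constructed benign one, shows that a patched interpreter's plistlib raises InvalidFileException on the former, and adds an interpreter-independent pre-check for services that still run on older Pythons. The regex and helper names are this example's own.

```python
"""Reject XML plists that carry entity declarations before parsing them.

Added example for the CVE-2022-48565 entry; not code from the Python project.
Patched plistlib raises plistlib.InvalidFileException from its entity
declaration handler.  The pre-check below is a defence-in-depth guard that
does not depend on the interpreter version; its regex is this example's own.
"""
import plistlib
import re

# Constructed sample: a plist whose DOCTYPE internal subset declares an
# external entity of the kind used in XXE attacks, then references it.
XXE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<plist version="1.0">
<dict>
  <key>Name</key>
  <string>&xxe;</string>
</dict>
</plist>
"""

# Constructed benign plist: Apple's standard DOCTYPE, no internal subset.
SAFE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Name</key>
  <string>example</string>
</dict>
</plist>
"""

# Inline entities can only be declared in a DOCTYPE internal subset ("[ ... ]"),
# so flag a DOCTYPE that opens one, or a bare <!ENTITY anywhere in the bytes.
_ENTITY_DECL = re.compile(rb"<!DOCTYPE[^>\[]*\[|<!ENTITY", re.IGNORECASE)


def has_entity_declaration(data: bytes) -> bool:
    """True if the raw plist bytes contain a DTD internal subset or <!ENTITY."""
    return _ENTITY_DECL.search(data) is not None


def stdlib_loads(data: bytes) -> dict:
    """Parse with the standard library only (patched versions refuse entities)."""
    return plistlib.loads(data, fmt=plistlib.FMT_XML)


def load_plist_strict(data: bytes) -> dict:
    """Parse an XML plist, refusing entity declarations up front.

    Raises plistlib.InvalidFileException from the pre-check, so callers see the
    same exception type whether our guard or the patched stdlib rejects input.
    """
    if has_entity_declaration(data):
        raise plistlib.InvalidFileException(
            "XML entity declarations are not allowed in plist input")
    return stdlib_loads(data)


def rejects_entities(loader, data: bytes) -> bool:
    """True if `loader` raises InvalidFileException on `data`."""
    try:
        loader(data)
    except plistlib.InvalidFileException:
        return True
    return False


if __name__ == "__main__":
    print("pre-check flags XXE sample:", has_entity_declaration(XXE_PLIST))
    print("stdlib rejects XXE sample:", rejects_entities(stdlib_loads, XXE_PLIST))
    print("safe plist parses to:", load_plist_strict(SAFE_PLIST))
```

The pre-check is deliberately coarse: a legitimate plist never needs a DTD internal subset, so rejecting every `<!DOCTYPE ... [` is cheaper and safer than trying to decide which entity declarations are harmless.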
K000139685: Python vulnerability CVE-2023-40217
Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into...
AI Score 7 | EPSS 0.0005
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2021-35942 DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain...
CVSS 9.8 | AI Score 9.5 | EPSS 0.963
New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mariadb-10.5.25-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Difficult to exploit vulnerability...
CVSS 4.9 | AI Score 6.2 | EPSS 0.0005
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS 8.3 | AI Score 7.9 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS 8.3 | AI Score 8.8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS 8.3 | AI Score 7.9 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS 8.3 | AI Score 7.8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS 8.3 | AI Score 8.7 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS 8.3 | AI Score 7.8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS 8.3 | AI Score 8.1 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS 8.3 | AI Score 8.7 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS 8.3 | AI Score 8.8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS 8.3 | AI Score 8.7 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS 8.3 | AI Score 8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS 8.3 | AI Score 7.9 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS 8.3 | AI Score 8 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...
AI Score 6.6 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time....
AI Score 6.5 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS 8.3 | AI Score 7.9 | EPSS 0.0004
Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...
AI Score 6.4
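The Passbolt entry above turns on which of an application's cookies are HttpOnly: the session and MFA cookies must be hidden from script, while a CSRF token cookie that client-side code reads cannot be. The following is an added example, not Passbolt's code: a small audit of Set-Cookie headers that encodes that policy and also flags missing Secure and SameSite attributes. The cookie names, the policy sets and the sample headers are constructed for the example.

```python
"""Audit Set-Cookie headers against a per-cookie HttpOnly policy.

Added example for the Passbolt entry; not Passbolt's code.  Cookie names,
policy sets and sample headers are constructed.  Uses only the standard
library's http.cookies parser.
"""
from http.cookies import SimpleCookie
from typing import Dict, List

# Constructed sample response headers, roughly the shape the advisory
# describes: session and MFA cookies HttpOnly, CSRF token readable by script.
SAMPLE_HEADERS = [
    "Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: csrfToken=9f8e7d; Path=/; Secure; SameSite=Lax",
    "Set-Cookie: mfa=stage2; Path=/; HttpOnly",
]

# Constructed headers with the mistakes the audit should catch.
BAD_HEADERS = [
    "Set-Cookie: session_id=abc123; Path=/",
    "Set-Cookie: csrfToken=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Strict",
]

# Policy (example's own): cookies that must never be exposed to script, and
# cookies that script must read (double-submit CSRF token), so HttpOnly on
# them would break the application rather than protect it.
MUST_BE_HTTPONLY = {"session_id", "mfa"}
READABLE_BY_JS = {"csrfToken"}


def audit_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Return {cookie_name: [problem, ...]} for every cookie that violates policy."""
    findings: Dict[str, List[str]] = {}
    for header in headers:
        name, _, value = header.partition(":")
        if name.strip().lower() != "set-cookie":
            continue  # not a cookie header; ignore
        jar = SimpleCookie()
        jar.load(value.strip())  # parses "name=value; Attr; Attr=val" into Morsels
        for cname, morsel in jar.items():
            problems: List[str] = []
            httponly = bool(morsel["httponly"])  # Morsel flags are "" when absent
            if cname in MUST_BE_HTTPONLY and not httponly:
                problems.append("missing HttpOnly")
            if cname in READABLE_BY_JS and httponly:
                problems.append("HttpOnly set on a cookie client-side code must read")
            if not morsel["secure"]:
                problems.append("missing Secure")
            if not morsel["samesite"]:
                problems.append("missing SameSite")
            if problems:
                findings[cname] = problems
    return findings


if __name__ == "__main__":
    for label, headers in (("sample", SAMPLE_HEADERS), ("bad", BAD_HEADERS)):
        for cookie, problems in audit_cookies(headers).items():
            print(f"[{label}] {cookie}: {', '.join(problems)}")
```

Run against the constructed sample set the audit reports only the `mfa` cookie (missing Secure and SameSite); against the bad set it reports the session cookie missing all three attributes and the CSRF token wrongly marked HttpOnly. The check is intentionally per-cookie: a blanket "HttpOnly everywhere" rule would flag the CSRF cookie as a finding when it is the one cookie that has to stay readable.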
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION: **Golang Go could allow a remote attacker to traverse directories on...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been linked to destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under...
CVSS 9.8 | AI Score 7.2 | EPSS 0.974
Summary Apache Solr, used by IBM Operations Analytics - Log Analysis as its indexing engine server, is vulnerable to denial of service. Vulnerability Details ** CVEID: CVE-2024-22201 DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets...
CVSS 7.5 | AI Score 7.4 | EPSS 0.0004
Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus
[CVE-2023-27100 - pfSense Anti-brute force protection bypass]...
CVSS 9.8 | AI Score 7.3 | EPSS 0.002
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS 8.1 | AI Score 8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report...
CVSS 8.3 | AI Score 8.1 | EPSS 0.0004
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS 8.1 | AI Score 6.7 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report...
CVSS 8.3 | AI Score 8.8 | EPSS 0.0004
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS 8.1 | AI Score 7.8 | EPSS 0.0004
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
CVSS 7.8 | AI Score 6.8
Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern...
AI Score 7.4
CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS 8.1 | AI Score 8 | EPSS 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report...
CVSS 8.3 | AI Score 8.2 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...
AI Score 6.7 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...
AI Score 6.5 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time....
AI Score 6.6 | EPSS 0.0004