@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the....
CVSS 8.3 | AI Score 7.5
CVSS 7.8 | AI Score 8.1 | EPSS 0.002
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to.....
CVSS 7.5 | AI Score 7.6 | EPSS 0.001
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to.....
CVSS 7.5 | AI Score 7.2 | EPSS 0.001
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....
CVSS 7.8 | AI Score 7.6 | EPSS 0.002
[1.13.1-8.3] - Rebuild (z-stream target). Resolves: RHEL-30985, RHEL-31015.
[1.13.1-8.2] - Fix crash caused by fix for CVE-2024-31083. Resolves: RHEL-30985.
[1.13.1-8.1] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents ...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0005
Linux kernel (OEM) vulnerabilities
Releases: Ubuntu 22.04 LTS. Packages: linux-oem-6.5 - Linux kernel for OEM systems. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...
CVSS 7.8 | AI Score 7.5 | EPSS 0.002
Vulnerability in the Extensions component of Microsoft Edge and Google Chrome browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information V8 JavaScript script handler...
AI Score 8.2 | EPSS 0.0005
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to...
AI Score 8.8 | EPSS 0.0004
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to...
AI Score 8.8 | EPSS 0.0004
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or...
AI Score 8.8 | EPSS 0.0004
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
CVSS 6.7 | AI Score 7.5 | EPSS 0.0004
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
CVSS 7.9 | AI Score 8.2 | EPSS 0.0004
container-tools:rhel8 security and bug fix update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...
CVSS 8.6 | AI Score 7.3 | EPSS 0.0005
httpd:2.4/mod_http2 security update
An update is available for httpd, mod_md, mod_http2, module.mod_md, module.mod_http2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd...
AI Score 7.2 | EPSS 0.0004
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVSS 7.9 | AI Score 8.2 | EPSS 0.0004
An update is available for module.varnish, varnish-modules, varnish, module.varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a.....
AI Score 7.2 | EPSS 0.0004
An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0005
Important: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
CVSS 8.6 | AI Score 8.6 | EPSS 0.0005
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
AI Score 7.2
go-toolset:rhel8 security update
An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....
AI Score 7.2 | EPSS 0.0004
container-tools:4.0 security update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.fuse-overlayfs, runc, criu, module.toolbox, module.container-selinux,...
CVSS 8.6 | AI Score 7.2 | EPSS 0.0005
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:Rocky Linux-28923) Security Fix(es): podman: full container escape at build time...
CVSS 8.6 | AI Score 8.6 | EPSS 0.0005
sagemaker is vulnerable to OS Command Injection. The vulnerability is due to the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module. An attacker can execute arbitrary code or cause a denial of service by passing an inappropriate command as the...
CVSS 7.8 | AI Score 7.9 | EPSS 0.0005
Deserialization Of Untrusted Data
sagemaker is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the deserialization of pickled object arrays within the sagemaker.base_deserializers.NumpyDeserializer module, which could allow an unprivileged third party to cause Remote Code Execution or Denial of Service...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
(RHSA-2024:2697) Important: kpatch-patch security update
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) kernel: GSM multiplexing race condition...
CVSS 7.8 | AI Score 8 | EPSS 0.0004
AI Score 7.4
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one host#...
AI Score 6.9 | EPSS 0.0004
AI Score 6.1 | EPSS 0.0004
[SECURITY] Fedora 38 Update: python-idna-3.7-1.fc38
A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
AI Score 7.2
[SECURITY] Fedora 39 Update: python-idna-3.7-1.fc39
A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
AI Score 7.2
AI Score 7.4
AI Score 7.4
[SECURITY] [DLA 3807-1] glibc security update
Debian LTS Advisory DLA-3807-1 [email protected] https://www.debian.org/lts/security/
Adrian Bunk, May 04, 2024, https://wiki.debian.org/LTS
Package: glibc
Version: 2.28-10+deb10u3
CVE ID: ...
AI Score 6.7 | EPSS 0.0004
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.2 and IBM Planning Analytics 2.0.95 by upgrading or removing the vulnerable libraries. Please refer to...
CVSS 9.8 | AI Score 10 | EPSS 0.962
sagemaker-python-sdk Command Injection vulnerability
Impact: The capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module before version 2.214.3 allows for potentially unsafe Operating System (OS) Command Injection if an inappropriate command is passed as the “requirements_path” parameter. This consequently may allow....
CVSS 7.8 | AI Score 8.2 | EPSS 0.0005
sagemaker-python-sdk Command Injection vulnerability
Impact: The capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module before version 2.214.3 allows for potentially unsafe Operating System (OS) Command Injection if an inappropriate command is passed as the “requirements_path” parameter. This consequently may allow....
CVSS 7.8 | AI Score 8.1 | EPSS 0.0005
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Impact: The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Impact: The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one host#...
AI Score 6.2 | EPSS 0.0004
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...
CVSS 10 | AI Score 7.7 | EPSS 0.002
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one...
AI Score 6.3 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one host#...
AI Score 7 | EPSS 0.0004
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if.....
CVSS 7.8 | AI Score 8.5 | EPSS 0.0005
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently...
CVSS 7.8 | AI Score 8.3 | EPSS 0.0004
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if.....
CVSS 7.8 | AI Score 8.1 | EPSS 0.0005
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ...
CVSS 8.7 | AI Score 9.7 | EPSS 0.008
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The.....
CVSS 6.8 | AI Score 8.1 | EPSS 0.0005
Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the.....
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001