KLA68915 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...
9.8CVSS
10AI Score
0.003EPSS
Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update
Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...
7.5CVSS
6.8AI Score
EPSS
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...
7.5CVSS
7.5AI Score
0.001EPSS
Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update
Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...
7.5CVSS
6.8AI Score
EPSS
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...
7.5CVSS
0.0005EPSS
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...
7.5CVSS
5.8AI Score
0.0005EPSS
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...
5.9CVSS
0.0005EPSS
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...
5.9CVSS
7AI Score
0.0005EPSS
7.4AI Score
EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
8.3AI Score
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
6.9AI Score
0.001EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
9AI Score
0.0004EPSS
A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....
9.8CVSS
7.5AI Score
0.001EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
5.6AI Score
0.0004EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
8AI Score
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
9AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
5.6AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
0.0004EPSS
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to...
4.2CVSS
0.0004EPSS
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to...
4.2CVSS
4.5AI Score
0.0004EPSS
CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to...
4.2CVSS
6.7AI Score
0.0004EPSS
CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to...
4.2CVSS
0.0004EPSS
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
7.7AI Score
0.0004EPSS
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
0.0004EPSS
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
0.0004EPSS
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...
5.9CVSS
4.5AI Score
0.001EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
7.4CVSS
7.2AI Score
0.001EPSS
7.4AI Score
RHEL 8 : booth (RHSA-2024:3659)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3659 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
7.4CVSS
6.8AI Score
0.001EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
7.4CVSS
7.3AI Score
0.001EPSS
RHEL 8 : booth (RHSA-2024:3658)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3658 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
7.4CVSS
6.8AI Score
0.001EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
7.4CVSS
7.3AI Score
0.001EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
7.4CVSS
7.3AI Score
0.001EPSS
RHEL 9 : booth (RHSA-2024:3660)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3660 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
7.4CVSS
6.8AI Score
0.001EPSS
RHEL 8 : booth (RHSA-2024:3657)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3657 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
7.4CVSS
6.8AI Score
0.001EPSS
RHEL 9 : booth (RHSA-2024:3661)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3661 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
7.4CVSS
6.5AI Score
0.001EPSS
Oracle Linux 8 : kernel (ELSA-2024-3618)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....
7.8CVSS
8.7AI Score
0.001EPSS
Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release > v0.273.0 and <= v0.297.0 CF Deployment > v30.9.0 and <= v40.13.0 Description Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker ca...
7.5CVSS
6.7AI Score
0.0005EPSS
[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...
7.8CVSS
9AI Score
0.001EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-30528 WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS