Updated php packages fix security vulnerabilities
Core: - Corrupted memory in destructor with weak references - GC does not scale well with a lot of objects created in destructor DOM: - Add some missing ZPP checks. - Fix potential memory leak in XPath evaluation results. FPM: - Fix incorrect check in fpm_shm_free(). Gettext: - Fixed sigabrt...
AI Score: 7.6 | EPSS: 0.006
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of...
AI Score: 10 | EPSS: 0.006
Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details ** CVEID: CVE-2022-2923 DESCRIPTION: **Vim is...
AI Score: 10 | EPSS: 0.02
Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2012-0838, CVE-2011-1772, CVE-2008-6504, CVE-2010-1870, CVE-2012-0394, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...
AI Score: 8.7 | EPSS: 0.938
QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...
AI Score: 7
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
AI Score: 10 | EPSS: 0.051
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
AI Score: 9.9 | EPSS: 0.007
Code Keepers: Mastering Non-Human Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database...
AI Score: 7.2
ReCrystallize Server - Authentication Bypass
This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been...
AI Score: 6.8 | EPSS: 0.001
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom...
AI Score: 7.3
Cross-Site Request Forgery (CSRF)
aim is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the lack of CSRF and CORS protection in the aim dashboard, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's...
AI Score: 7.1 | EPSS: 0.0004
PHP 8.1.x < 8.1.28 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.28. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.28 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a...
AI Score: 8.3
Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-103-01)
The version of php81 installed on the remote host is prior to 8.1.28 / 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-103-01 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
AI Score: 8.3
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
...
AI Score: 7.4
Apache Superset < 2.1.0 Hardcoded Secret Key
Apache Superset versions prior to 2.1.0 use a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as...
AI Score: 7.3
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
...
AI Score: 7.4 | EPSS: 0.001
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-34967 DESCRIPTION: **Samba is vulnerable to a denial of service, caused...
AI Score: 10 | EPSS: 0.962
Issue Overview: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case...
AI Score: 7 | EPSS: 0.002
Juniper Junos OS Multiple Vulnerabilities (JSA79108)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...
AI Score: 9.3
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command...
AI Score: 7.7
PHP 8.3.x < 8.3.6 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.6 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard...
AI Score: 8.3
CHAOS RAT 5.0.1 Remote Command Execution Exploit
CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross-site scripting attack, allowing an attacker to take over the RAT...
AI Score: 6.6 | EPSS: 0.0004
PHP 8.2.x < 8.2.18 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.18. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.18 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a...
AI Score: 8.3
php -- Multiple vulnerabilities
This update includes 3 security fixes: High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on...
AI Score: 7.5 | EPSS: 0.006
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVSS: 7.4 | AI Score: 6.8 | EPSS: 0.0004
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
AI Score: 7.5 | EPSS: 0.0004
CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
AI Score: 6.5 | EPSS: 0.0004
Real-time File Access Monitoring (FAM) with Qualys FIM
What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance...
AI Score: 7
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
AI Score: 6.8 | EPSS: 0.0004
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
CVSS: 8.8 | AI Score: 7.3 | EPSS: 0.0004
@fastify/secure-session: Reuse of destroyed secure session cookie
Impact At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided...
AI Score: 7.2 | EPSS: 0.0004
@fastify/secure-session: Reuse of destroyed secure session cookie
Impact At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided...
AI Score: 6.9 | EPSS: 0.0004
CVE-2024-2196 CSRF Vulnerability in aimhubio/aim
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
AI Score: 8.6 | EPSS: 0.0004
Hands-on Review: Cynomi AI-powered vCISO Platform
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing...
AI Score: 7.5
Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl which is vulnerable to CVE-2024-22195 Vulnerability Details ** CVEID: CVE-2024-22195 DESCRIPTION: **Pallets Jinja is vulnerable to cross-site scripting, caused by...
AI Score: 6.7 | EPSS: 0.001
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
AI Score: 8.9 | EPSS: 0.02