Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
7.8CVSS
8AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
7.8CVSS
8AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.1AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.4AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
6AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.4AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
7.8CVSS
8.2AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
7.8CVSS
7.5AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.4AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
6AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.4AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
5.5CVSS
5.4AI Score
0.001EPSS
Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8.2AI Score
0.001EPSS
K000139508 : rust-openssl vulnerability CVE-2024-3296
Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial....
5.9CVSS
6.7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-24549 DESCRIPTION: **Apache Tomcat is vulnerable...
7.8AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Compress which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons...
8.1CVSS
5.8AI Score
0.001EPSS
Firebase vulnerable to CRSF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
3.7AI Score
0.0004EPSS
Firebase vulnerable to CRSF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
6.9AI Score
0.0004EPSS
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: ...
4.3CVSS
6.2AI Score
0.0004EPSS
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: ...
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2023-47727 IBM QRadar Suite Software file manipulation
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: ...
4.3CVSS
4.6AI Score
0.0004EPSS
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
6.7AI Score
0.0004EPSS
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
6.5AI Score
0.0004EPSS
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
3.4AI Score
0.0004EPSS
CVE-2024-4128 CSRF in firebase-tools emulator suite
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
2.6CVSS
3.8AI Score
0.0004EPSS
Summary IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-1023 DESCRIPTION: **Eclipse Vert.x is vulnerable...
6.5CVSS
7.3AI Score
0.0004EPSS
When is One Vulnerability Scanner Not Enough?
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability.....
7.1AI Score
K000139491 : VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into...
9.6CVSS
7.2AI Score
0.0004EPSS
K000139489 : PostgreSQL JDBC Driver vulnerability CVE-2024-1597
Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...
9.8CVSS
8.2AI Score
0.001EPSS
Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details ** CVEID: CVE-2022-32753 DESCRIPTION: **IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...
7.5CVSS
6.3AI Score
0.001EPSS
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: ...
5.9CVSS
5.3AI Score
0.0004EPSS
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: ...
5.9CVSS
5.8AI Score
0.0004EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....
4.3CVSS
7AI Score
0.0004EPSS
CVE-2022-38386 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: ...
5.9CVSS
5.9AI Score
0.0004EPSS
CVE-2022-38386 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: ...
5.9CVSS
5.4AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - IOT Component uses dnspython-1.16.0-py2.py3-none-any.whl which is vulnerable to CVE-2023-29483. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-29483 DESCRIPTION: **Dnspython is...
6.4AI Score
0.0004EPSS
[SECURITY] [3803-1] astropy security update
Debian LTS Advisory DLA-3803-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 30, 2024 https://wiki.debian.org/LTS Package : astropy Version : 3.1.2-2+deb10u1 CVE ID :...
8.4CVSS
7.6AI Score
0.0004EPSS
[SECURITY] [3803-1] astropy security update
Debian LTS Advisory DLA-3803-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 30, 2024 https://wiki.debian.org/LTS Package : astropy Version : 3.1.2-2+deb10u1 CVE ID :...
8.4CVSS
7.2AI Score
0.0004EPSS
(RHSA-2024:2616) Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.5AI Score
0.0005EPSS