Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the...
6.2AI Score
0.001EPSS
Security update for the Linux Kernel (important)
An update that solves two vulnerabilities and has 55 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: The netfilter subsystem allowed attackers to cause a ...
5.5CVSS
-0.1AI Score
0.001EPSS
Security update for opera (important)
An update that fixes 7 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219...
9.6CVSS
0.1AI Score
0.97EPSS
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI...
3.7CVSS
0.2AI Score
0.001EPSS
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component...
3.7CVSS
0.5AI Score
0.001EPSS
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...
3.7CVSS
0.4AI Score
0.001EPSS
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...
3.7CVSS
0.7AI Score
0.001EPSS
Security update for exim (critical)
An update that fixes 26 vulnerabilities is now available. Description: This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update (boo#1185631) * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool...
9.8CVSS
-0.5AI Score
0.974EPSS
Security update for nim (moderate)
An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: nim was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed “incorrect raises effect for $(NimNode)” (#17454) From...
8.8CVSS
0.3AI Score
0.002EPSS
Security update for nim (moderate)
An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: nim was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed “incorrect raises effect for $(NimNode)” (#17454) From...
8.8CVSS
0.1AI Score
0.002EPSS
FreeBSD : Apache Maven -- multiple vulnerabilities (20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a)
The Apache Maven project reports : We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues : Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories...
9.1CVSS
7AI Score
0.002EPSS
Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM
Security teams often struggle to demonstrate the efficacy and progress of their organization’s vulnerability and remediation management program. This is a result of the complexity around identifying, collecting, and visualizing complicated metrics. InsightVM’s Executive Summary Report has proved...
0.3AI Score
MoveKit - Cobalt Strike Kit For Lateral Movement
Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a.....
8.1AI Score
SUSE SLES12 Security Update : glibc (SUSE-SU-2021:1165-1)
This update for glibc fixes the following issues : CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) Check vector support in.....
7.5CVSS
7.1AI Score
0.002EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be...
9.8CVSS
8.6AI Score
0.006EPSS
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...
1AI Score
0.001EPSS
Security update for the Linux Kernel (important)
An update that solves 21 vulnerabilities and has 74 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3444: Fixed an issue with the bpf verifier which did not ...
9.8CVSS
1.2AI Score
0.006EPSS
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...
0.4AI Score
0.001EPSS
Apache Maven -- multiple vulnerabilities
The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More...
9.1CVSS
-0.3AI Score
0.002EPSS
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** Third Party Entry: 180875 DESCRIPTION: **jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal...
-0.1AI Score
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-7656 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...
6.1CVSS
0.2AI Score
0.002EPSS
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-11023 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...
6.1CVSS
0.5AI Score
0.061EPSS
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0874 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.1CVSS
6.9AI Score
0.006EPSS
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.1CVSS
7.2AI Score
0.006EPSS
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0873)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0873 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
8.1CVSS
6.9AI Score
0.006EPSS
(RHSA-2021:0874) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....
0.4AI Score
0.006EPSS
(RHSA-2021:0873) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....
0.4AI Score
0.006EPSS
(RHSA-2021:0872) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....
0.4AI Score
0.006EPSS
Releases Ubuntu 18.04 ESM Packages symfony - set of reusable components and framework for web projects Details It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain...
9.8CVSS
9.6AI Score
0.006EPSS
Schneider Electric EcoStruxure Building Operation (EBO)
EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...
8.8CVSS
8.5AI Score
0.002EPSS
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the...
4.2CVSS
0.7AI Score
0.002EPSS
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization...
4.2CVSS
1.2AI Score
0.002EPSS
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....
7.5CVSS
7.4AI Score
0.001EPSS
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....
7.5CVSS
7.4AI Score
0.001EPSS
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....
7.5CVSS
0.001EPSS
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....
7.5CVSS
7.5AI Score
0.001EPSS
Unbounded connection acceptance in http4s-blaze-server
Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...
7.5CVSS
0.1AI Score
0.001EPSS
Unbounded connection acceptance in http4s-blaze-server
Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...
7.5CVSS
0.1AI Score
0.001EPSS
CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....
7.5CVSS
7.7AI Score
0.001EPSS
(RHSA-2021:0248) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....
-0.3AI Score
0.002EPSS
(RHSA-2021:0247) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....
-0.3AI Score
0.002EPSS
(RHSA-2021:0246) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....
-0.3AI Score
0.002EPSS
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0246 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
6.8AI Score
0.002EPSS