virt:ol and virt-devel:ol security, bug fix, and enhancement update
hivex [1.3.18-23] - Limit recursion in ri-records (CVE-2021-3622) resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf...
8.8CVSS
-0.3AI Score
0.002EPSS
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown...
8AI Score
EPSS
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown...
8AI Score
EPSS
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...
9.8CVSS
7.2AI Score
0.008EPSS
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...
9.8CVSS
8.6AI Score
0.008EPSS
Apache ActiveMQ Apollo XXE Vulnerability
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...
9.8CVSS
7.2AI Score
0.006EPSS
Apache ActiveMQ Apollo XXE Vulnerability
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...
9.8CVSS
7.2AI Score
0.006EPSS
WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
WordPress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in...
6.1CVSS
6.1AI Score
0.001EPSS
Intel Memory Bug Poses Risk for Hundreds of Products
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System (CVSS) score of 7. The vulnerability.....
1.1AI Score
0.001EPSS
WordPress Country Selector <1.6.6 - Cross-Site Scripting
WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the....
6.1CVSS
6.1AI Score
0.001EPSS
Intel® Optane SSD Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ SSD and Intel® Optane™ SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates and prescriptive guidance to mitigate these potential...
5.9AI Score
0.001EPSS
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-d231cb5e1f)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.005EPSS
[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.4-1.fc36
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...
7.5CVSS
1.8AI Score
0.005EPSS
IOSSecuritySuite - iOS Platform Security And Anti-Tampering Swift Library
iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. What ISS...
-0.6AI Score
WordPress Country Selector Plugin Cross-Site Scripting Vulnerability
WordPress is a personal blogging system. WordPress Country Selector Plugin has a cross-site scripting vulnerability that can be exploited by attackers to execute XSS...
2.9AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Gwyn's Imagemap Selector plugin (versions <= 0.3.3) Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. This closure is temporary, pending a full...
6.1CVSS
2.2AI Score
0.001EPSS
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...
6.1CVSS
5.8AI Score
0.001EPSS
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...
6.1CVSS
0.001EPSS
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...
6.1CVSS
5.7AI Score
0.001EPSS
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...
6AI Score
0.001EPSS
Security update for SUSE Manager Client Tools (moderate)
An update that fixes 12 vulnerabilities, contains three features is now available. Description: This update fixes the following issues: grafana: Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) Security: Fixes XSS vulnerability in handling data sources...
9.8CVSS
-0.5AI Score
0.975EPSS
Google Android Denial of Service Vulnerability (CNVD-2022-46290)
Google Android is a Linux-based open source operating system from Google, Inc. A denial-of-service vulnerability exists in Google Android, which stems from a possible crash in the re-initialization of HeifDecoderImpl.cpp due to a missing null check. A remote attacker could exploit the...
5.5AI Score
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-132c6d7c2e)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.005EPSS
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-9ed7641ce0)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.005EPSS
[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-2.fc35
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...
7.5CVSS
1.8AI Score
0.005EPSS
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-2.fc34
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...
7.5CVSS
1.8AI Score
0.005EPSS
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Country Selector premium plugin (versions <= 1.6.5). Solution Update the WordPress Country Selector premium plugin to the latest available version (at least...
6.1CVSS
2.3AI Score
0.001EPSS
Country Selector < 1.6.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site...
6.1CVSS
-0.1AI Score
0.001EPSS
Country Selector < 1.6.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting...
6.1CVSS
1.6AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.4CVSS
5.9AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.4CVSS
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.4CVSS
5.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.4CVSS
5.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.6AI Score
0.001EPSS
Report Submission Form Summary: This report uses metrics-server as an example, but it should be applicable to any aggregated api server. When metrics-server is hijacked, either by modifying the container image directly or by running other pods using the same label selector in kube-system namespace,....
1AI Score
0.001EPSS
Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (We recommend installing the AzureADPreview module),...
0.1AI Score
(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes...
0.9AI Score
0.976EPSS
(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes...
0.9AI Score
0.976EPSS
User's funds can get lost when transferring to other chain
Lines of code Vulnerability details Impact When transferring tokens to other chain, the tokens in the source chain are burned - if they are external they will be transferred to the AxelarGateway, otherwise they will be burned. In the target chain the same amount of tokens will be minted for the...
6.9AI Score
Jenkins Tests Selector Plugin Cross-Site Scripting Vulnerability
Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins Tests Selector Plugin 1.3.3 and earlier versions, which stems from an unescaped...
5.4CVSS
3.2AI Score
0.001EPSS
Jenkins Tests Selector Plugin Arbitrary File Read Vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Tests Selector Plugin 1.3.3...
6.5CVSS
2.2AI Score
0.001EPSS
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. Any editorial opinions reflected below...
8.8CVSS
9.8AI Score
0.004EPSS
Jenkins plugins Multiple Vulnerabilities (2022-03-29)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are Jenkins Bitbucket Server Integration Plugin prior to 3.2.0, Continuous Integration with Toad Edge Plugin prior to 2.4, Coverage/Complexity Scatter Plot Plugin 1.1.1 or earlier,.....
8.8CVSS
7.1AI Score
0.001EPSS
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...
5.4CVSS
2.6AI Score
0.001EPSS
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...
5.4CVSS
2.6AI Score
0.001EPSS
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...
6.5CVSS
6.3AI Score
0.001EPSS
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...
6.5CVSS
6.2AI Score
0.001EPSS
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...
6.5CVSS
6.6AI Score
0.001EPSS
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...
5.4CVSS
0.001EPSS
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...
6.5CVSS
6.2AI Score
0.001EPSS