HPE Superdome Flex Server; HPE Superdome Flex 280 Server Security Vulnerabilities

[nessus] Oracle Linux 8 : pmix (ELSA-2024-3008)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3008 advisory. [2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves: RHEL-3692 Tenable has extracted the preceding description block...
AI Score: 6.7 | 2024-05-28 12:00 AM

[packetstorm]
AI Score: 7.4 | 2024-05-28 12:00 AM
[openvas] SUSE: Security Advisory (SUSE-SU-2024:1788-1)
The remote host is missing an update for...
AI Score: 7.4 | EPSS: 0.0004 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : python3.11-cryptography (ELSA-2024-3105)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3105 advisory. [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19831 Tenable has extracted the preceding description block directly from the Oracle Linux...
AI Score: 6.4 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : perl-Convert-ASN1 (ELSA-2024-3049)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3049 advisory. [0.27-18] - Fix unsafe decoding in indef case (CVE-2013-7488) Tenable has extracted the preceding description block directly from the Oracle Linux security...
AI Score: 6.8 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : vorbis-tools (ELSA-2024-3095)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3095 advisory. [1:1.4.0-29] - fix out-of-bounds read in oggenc (CVE-2023-43361) Tenable has extracted the preceding description block directly from the Oracle Linux security...
AI Score: 6.7 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. [1.16.1-4.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-4] - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow -...
AI Score: 7.1 | 2024-05-28 12:00 AM

[nessus] Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-631)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-631 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...
AI Score: 7 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : python-pillow (ELSA-2024-3005)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3005 advisory. [5.1.1-20] - Security fix for CVE-2023-50447 Resolves: RHEL-22240 [5.1.1-19] - Security fix for CVE-2023-44271 Resolves: RHEL-15460 Tenable has...
AI Score: 6.6 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : squashfs-tools (ELSA-2024-3139)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3139 advisory. [4.3-21] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated...
AI Score: 7.3 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : exempi (ELSA-2024-3066)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3066 advisory. [2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves: RHEL-5415 Tenable has extracted the preceding...
AI Score: 7.1 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : edk2 (ELSA-2024-3017)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...
AI Score: 6 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : perl-CPAN (ELSA-2024-3094)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3094 advisory. [2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for...
AI Score: 7 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : python3.11 (ELSA-2024-3062)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3062 advisory. [3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for...
AI Score: 6.6 | 2024-05-28 12:00 AM

[nessus] Oracle Linux 8 : gmp (ELSA-2024-3214)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3214 advisory. [1:6.1.2-11] - Fix: CVE-2021-43618 Resolves: RHEL-23055 Tenable has extracted the preceding description block directly from the Oracle Linux security...
AI Score: 6.9 | 2024-05-28 12:00 AM
[redhatcve] CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
AI Score: 6.3 | 2024-05-27 10:29 PM

[githubexploit] Exploit for CVE-2024-5084
HashForm Exploit Script This script demonstrates the...
AI Score: 8.6 | EPSS: 0.001 | 2024-05-27 08:04 PM

[osv] CVE-2024-35182
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
AI Score: 7.5 | 2024-05-27 07:15 PM

[cve] CVE-2024-35181
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVSS: 5.9 | AI Score: 8.1 | 2024-05-27 07:15 PM

[osv] CVE-2024-35181
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
AI Score: 7.5 | 2024-05-27 07:15 PM

[cve] CVE-2024-35182
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVSS: 5.9 | AI Score: 8.1 | 2024-05-27 07:15 PM

[osv] CVE-2024-35238
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
AI Score: 7.1 | 2024-05-27 06:15 PM

[cve] CVE-2024-35238
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
CVSS: 5.3 | AI Score: 7.4 | 2024-05-27 06:15 PM

[cve] CVE-2024-35237
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
CVSS: 7.5 | AI Score: 7.5 | 2024-05-27 05:15 PM

[osv] CVE-2024-35237
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
AI Score: 7.2 | 2024-05-27 05:15 PM

[osv] CVE-2024-35236
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE)...
AI Score: 8.2 | 2024-05-27 05:15 PM

[osv] CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
AI Score: 7 | 2024-05-27 05:15 PM

[cve] CVE-2024-35236
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE)...
CVSS: 4.8 | AI Score: 8.4 | 2024-05-27 05:15 PM

[cve] CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
CVSS: 8.6 | AI Score: 7.3 | 2024-05-27 05:15 PM
[cvelist] CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
AI Score: 7.1 | 2024-05-27 05:12 PM

[cvelist] CVE-2024-35237 MIT IdentiBot User-Kerberos Mapping Publicly Available
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
AI Score: 7.3 | 2024-05-27 05:07 PM

[cvelist] CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE)...
AI Score: 8.2 | 2024-05-27 05:03 PM

[cvelist] CVE-2024-35231 rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
AI Score: 7 | 2024-05-27 04:40 PM

[osv] CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
AI Score: 6.8 | 2024-05-27 04:15 PM

[cve] CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
CVSS: 8.3 | AI Score: 7.1 | 2024-05-27 04:15 PM

[cvelist] CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
AI Score: 6.9 | 2024-05-27 04:11 PM

[ibm] Security Bulletin: IBM Aspera Faspex 5 has addressed a cross-site scripting vulnerability (CVE-2023-37411)
Summary IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
AI Score: 5.8 | 2024-05-27 03:11 PM

[veracode] Improper URL Sanitization
silverstripe/framework is vulnerable to Improper URL Sanitization. The vulnerability is due to a lack of server-side URL sanitization in the "Add from URL" function, allowing potentially dangerous URLs to be...
AI Score: 7 | 2024-05-27 01:44 PM

[securelist] Message board scams
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
AI Score: 6.4 | 2024-05-27 01:00 PM

[redhatcve] CVE-2021-47544
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...
AI Score: 7.1 | EPSS: 0.0004 | 2024-05-27 10:33 AM

[malwarebytes] A week in security (May 20 – May 26)
Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...
AI Score: 7.3 | 2024-05-27 07:24 AM

[veracode] Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation in the /Cover/Show route, allowing remote attackers to access internal HTTP servers and execute Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET...
AI Score: 6.4 | 2024-05-27 07:16 AM

[cve] CVE-2024-5403
ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote...
CVSS: 7.2 | AI Score: 7.9 | EPSS: 0.001 | 2024-05-27 07:15 AM

[cvelist] CVE-2024-5403 ASKEY 5G NR Small Cell - Command Injection
ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote...
AI Score: 7.5 | EPSS: 0.001 | 2024-05-27 06:59 AM

[githubexploit] Exploit for CVE-2024-30056
Microsoft-Edge-Information-Disclosure CVE-2024-30056...
AI Score: 6.5 | 2024-05-27 06:37 AM

[cve] CVE-2024-5400
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote...
CVSS: 8.8 | AI Score: 8.2 | EPSS: 0.001 | 2024-05-27 06:15 AM

[cvelist] CVE-2024-5400 Openfind Mail2000 - OS Command Injection
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote...
AI Score: 8.1 | EPSS: 0.001 | 2024-05-27 05:36 AM

[hackread] How to Recover Deleted Emails from Exchange Server?
By Waqas Accidentally deleted emails? Don't panic! This guide explains how to recover them from Exchange Server within the retention… This is a post from HackRead.com Read the original post: How to Recover Deleted Emails from Exchange...
AI Score: 7.2 | 2024-05-27 04:34 AM

[cve] CVE-2024-36384
Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification...
AI Score: 6.4 | 2024-05-27 04:15 AM
Total number of security vulnerabilities: 349761