Intel(R) CSME, Server Platform Services, Trusted Execution Engine And Intel(R) Active Management Technology Security Vulnerabilities
Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.1CVSS
6.5AI Score
0.0004EPSS
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...
7.5AI Score
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...
8.8CVSS
EPSS
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...
8.8CVSS
8.5AI Score
EPSS
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
8.9AI Score
EPSS
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
EPSS
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
9AI Score
EPSS
10CVSS
7.7AI Score
0.738EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
ecnp.eu Cross Site Scripting vulnerability OBB-3939483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
7AI Score
EPSS
CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
EPSS
CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...
8.8CVSS
EPSS
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
4.8CVSS
5.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064
Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
5.4CVSS
6.7AI Score
0.0004EPSS
Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Mattermost leaks details of AD/LDAP groups of a teams in...
4.3CVSS
6.7AI Score
0.0004EPSS
User-provided environment values allow execution on macOS agents in...
7.2AI Score
runc vulnerable to container breakout through process.cwd trickery and leaked fds in...
8.6CVSS
6.9AI Score
0.051EPSS
Mattermost post fetching without auditing in compliance export in...
4.3CVSS
6.7AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in...
7.1AI Score
Mattermost viewing archived public channels permissions vulnerability in...
4.3CVSS
6.7AI Score
0.0004EPSS
Mattermost notified all users in the channel when using WebSockets to respond individually in...
4.3CVSS
6.6AI Score
0.0004EPSS
Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Mattermost allows demoted guests to change group names in...
4.3CVSS
6.6AI Score
0.0004EPSS
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...
7.5CVSS
6.7AI Score
0.001EPSS
Moby (Docker Engine) Insufficiently restricted permissions on data directory in...
6.3CVSS
6.7AI Score
0.0005EPSS
Mattermost race condition in github.com/mattermost/mattermost-server
Mattermost race condition in...
2.6CVSS
6.7AI Score
0.0004EPSS
Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Mattermost Cross-site Scripting vulnerability in...
6.1CVSS
6.4AI Score
0.0005EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
9.1CVSS
6.7AI Score
0.002EPSS
Mattermost allows attackers access to posts in channels they are not a member of in...
4.3CVSS
6.6AI Score
0.0004EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
5.3CVSS
6.7AI Score
0.001EPSS
Server-Side Request Forgery in github.com/greenpau/caddy-security
Server-Side Request Forgery in...
5.3CVSS
6.8AI Score
0.001EPSS
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...
7.6CVSS
6.8AI Score
0.001EPSS
Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Mattermost denial of service through long emoji value in...
4.3CVSS
6.7AI Score
0.0004EPSS
Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Mattermost fails to check the "invite_guest" permission in...
4.3CVSS
6.6AI Score
0.0004EPSS
Mattermost fails to properly restrict the access of files attached to posts in...
3.1CVSS
6.6AI Score
0.0004EPSS
SFTP is possible on the Proxy server for any user with SFTP access in...
7.2AI Score
Moby Docker cp broken with debian containers in github.com/moby/moby
Moby Docker cp broken with debian containers in...
9.8CVSS
6.6AI Score
0.016EPSS
Mattermost vulnerable to denial of service via large number of emoji reactions in...
4.3CVSS
6.5AI Score
0.0005EPSS
Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Mattermost fails to limit the number of role names in...
4.3CVSS
6.6AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
6.3AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining Multiple CVEs
Summary There is a vulnerability in Apache Commons Compress that could allow an remote attacker exploit to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
8.1CVSS
7.2AI Score
0.001EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025
Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...
5.3CVSS
7.1AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
7.1AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772
Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...
5.9CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849
Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
6.5CVSS
6.3AI Score
0.0004EPSS
Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:....
8.1CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135
Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...
7.5CVSS
6.2AI Score
0.0004EPSS