Debian dla-3820 : bluetooth - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3820 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3820-1 [email protected] ...
7.3AI Score
Atlassian Confluence Data Center and Server - Remote Code Execution
Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X (affected versions). This issue allows authenticated attackers to execute arbitrary...
8.2AI Score
0.0004EPSS
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version...
6.5AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
github.com/huandu/facebook may expose access_token in error message.
Summary access_token can be exposed in error message on fail in HTTP request. Details Using this module, when HTTP request fails, error message can contain access_token. This can be happen when: - module is sending HTTP request with query parameter ?access_token=.... - and HTTP request fails...
6.9AI Score
0.0004EPSS
github.com/huandu/facebook may expose access_token in error message.
Summary access_token can be exposed in error message on fail in HTTP request. Details Using this module, when HTTP request fails, error message can contain access_token. This can be happen when: - module is sending HTTP request with query parameter ?access_token=.... - and HTTP request fails...
6.5AI Score
0.0004EPSS
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.7AI Score
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.7AI Score
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2023-34054 DESCRIPTION: **VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending...
10AI Score
0.015EPSS
Malicious code in cst-web-chat (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d63325ebdbf1c74d7cc5b1900804d59ba11882efb8796b209b0c5b572d4844a2) The OpenSSF Package Analysis project identified 'cst-web-chat' @ 3.3.7 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
6.5AI Score
0.0004EPSS
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...
6.8AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary.....
6.8AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
6.7AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can....
6.7AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...
6.2AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be.....
6.8AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
6.6AI Score
0.0005EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels.....
6.7AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations (in Cilium >= v1.13) or io.cilium.proxy-visibility annotations (in.....
6.6AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other....
6.7AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...
6.7AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...
6.7AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being...
6.7AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent....
6.7AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...
6.6AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
6.5AI Score
0.0004EPSS
Kwik does not discard unused encryption keys
Kwik commit 745fd4e2 does not discard unused encryption...
6.9AI Score
Kwik does not discard unused encryption keys
Kwik commit 745fd4e2 does not discard unused encryption...
6.9AI Score
Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....
6.6AI Score
0.0004EPSS
Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....
6.6AI Score
0.0004EPSS
PHP Server Monitor vulnerable to Cross-site Scripting
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
5.7AI Score
0.0004EPSS
PHP Server Monitor vulnerable to Cross-site Scripting
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
5.7AI Score
0.0004EPSS
Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...
8.4AI Score
0.001EPSS
Malicious code in hydra-player-sdk (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a52c3a49cf7e08847e0838d8c010e336bb8a52a8bb634df6fb4114cd752632b9) The OpenSSF Package Analysis project identified 'hydra-player-sdk' @ 2.2.4 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-25180 DESCRIPTION: **pdfmake could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input....
8.7AI Score
0.001EPSS
Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2024-28752). IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation....
6.7AI Score
0.0004EPSS
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...
6.7AI Score
0.0004EPSS
Dolibarr vulnerable to SQL Injection
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in...
7.6AI Score
0.0004EPSS
Dolibarr vulnerable to SQL Injection
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in...
7.9AI Score
0.0004EPSS
Dolibarr vulnerable to SQL Injection
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
7.9AI Score
0.0004EPSS
Dolibarr vulnerable to SQL Injection
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
7.6AI Score
0.0004EPSS
vxe-table Cross-site Scripting vulnerability
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting......
6.2AI Score
0.0004EPSS
vxe-table Cross-site Scripting vulnerability
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting......
6.4AI Score
0.0004EPSS
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.3AI Score
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.6AI Score
Summary Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-25062 DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a use-after-free...
6.8AI Score
0.0005EPSS
Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-2398 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a memory leak when...
7.2AI Score
0.0004EPSS
Summary Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2023-2953 DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer...
7.1AI Score
0.004EPSS
ezsystems/ezfind-ls is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused due to the lack of proper sanitization of the $search_extras.spellcheck_collation variable in the "Did you mean...?" spell check/search suggestion feature. This may lead to unauthorized code execution,...
6.8AI Score