USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to ...
AI Score: 7.9
EPSS: 0.013
USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to...
AI Score: 7.1
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes a leak of the application token of the invoker app to the invoked app when using Dapr as a...
AI Score: 7.4
EPSS: 0.0004
vantage6 is an open-source infrastructure for privacy-preserving analysis. Collaboration administrators can add extra organizations to their collaboration, which can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...
AI Score: 6.7
EPSS: 0.0004
omero-web is vulnerable to Improper Callback Validation. The vulnerability is due to a lack of sanitization or validation of callback parameters in JSONP-enabled endpoints, which allows an attacker to execute arbitrary JavaScript code in the...
AI Score: 7.3
EPSS: 0.0004
litellm is vulnerable to Code Injection. The vulnerability is due to unsafe usage of the eval function in the litellm.get_secret() method, where untrusted data is passed to eval without...
AI Score: 6.9
EPSS: 0.0004
Improper Certificate Validation
Requests is vulnerable to Improper Certificate Validation. The vulnerability is due to a flaw where disabling certificate verification (verify=False) in the first request of a Session causes all subsequent requests to the same origin to ignore certificate verification, regardless of changes to the....
AI Score: 6.2
EPSS: 0.0004
umbraco.cms is vulnerable to Open Redirect. The vulnerability is due to improper validation of redirect targets, which results in authenticated users being redirected to malicious websites after logging into the...
AI Score: 6.5
EPSS: 0.0004
An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...
AI Score: 5.6
EPSS: 0.0004
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web...
AI Score: 6.4
EPSS: 0.0004
passbolt/passbolt_api is vulnerable to HTML injection. The vulnerability is due to improper input sanitization, allowing an attacker to inject HTML code in...
AI Score: 7.3
wwbn/avideo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation, allowing attackers to inject malicious scripts into web pages viewed by other...
AI Score: 6.3
Google Chrome is vulnerable to UI Spoofing. The vulnerability is due to an inappropriate implementation in Downloads which allows a remote attacker to convince a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML...
AI Score: 6.2
EPSS: 0.0004
Drupal's path module is vulnerable to an Open Redirect. The vulnerability is due to improper URL handling which allows users with 'administer paths' permissions to create URLs that redirect to malicious...
AI Score: 7
passbolt/passbolt_api is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization during the server's PGP key generation, allowing users to inject shell code during...
AI Score: 7.8
gvisor.dev/gvisor is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper checks for mounts marked as unmounted before propagating, which could lead to a panic. This allows an attacker running as root and with permission to mount volumes to kill the...
AI Score: 6.7
EPSS: 0.0004
github.com/stacklok/minder is vulnerable to Denial of Service (DoS). The vulnerability is due to the engine's lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large...
AI Score: 7.2
EPSS: 0.0004
pusher/pusher-php-server is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of the channel name and socket ID, which allows malicious end-users to forge access to unauthorized private...
AI Score: 7
D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command...
AI Score: 8
EPSS: 0.001
passbolt/passbolt_api is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing an attacker to inject malicious scripts into the user's first and last name fields, which execute when the setup link in the invitation email is...
AI Score: 6.7
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version...
AI Score: 7
EPSS: 0.001
propel/propel is vulnerable to SQL Injection. The vulnerability is due to a lack of implicit integer cast of the limit input, which allows an attacker to execute malicious...
AI Score: 7.8
Summary: WebSphere Application Server Liberty used by IBM Operations Analytics - Log Analysis is vulnerable to weak security. Vulnerability Details: CVEID: CVE-2023-50312. DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security...
AI Score: 6.2
EPSS: 0.0004
propel/propel1 is vulnerable to SQL Injection. The vulnerability is due to a lack of implicit integer cast of the limit input, which allows an attacker to execute malicious...
AI Score: 7.8
ibc-go module is vulnerable to the "Huckleberry" vulnerability. The vulnerability is due to a flaw in the Inter-Blockchain Communication (IBC)...
AI Score: 6.9
@blackprint/engine is vulnerable to Prototype Pollution. The vulnerability is due to missing object type checks in the DeepProperty function in engine.min.js, which allows an attacker to execute arbitrary...
AI Score: 7.4
Nagios XI < 5.11.3 - SQL Injection
SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification...
AI Score: 8.2
EPSS: 0.001
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...
AI Score: 7.2
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters date_from, date_to, and id_product allows a remote attacker to retrieve the contents of an entire...
AI Score: 8.2
EPSS: 0.001
RHEL 8 : freeglut (RHSA-2024:3120)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3120 advisory. freeglut is a completely open source alternative to the OpenGL Utility Toolkit (GLUT) library with an OSI approved free software...
AI Score: 7.8
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:2985)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2985 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AI Score: 7.1
RHEL 8 : python3.11 (RHSA-2024:3062)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3062 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...
AI Score: 6.3
RHEL 8 : ansible-core (RHSA-2024:3043)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3043 advisory. Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over...
AI Score: 5.5
RHEL 8 : .NET 8.0 (RHSA-2024:3345)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3345 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
AI Score: 7.6
RHEL 8 : .NET 7.0 (RHSA-2024:3340)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3340 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
AI Score: 7.6
USN-6756-1: less vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...
AI Score: 8
EPSS: 0.0004
USN-6736-1: klibc vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to...
AI Score: 7.7
EPSS: 0.013
RHEL 8 : perl:5.32 (RHSA-2024:3128)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3128 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): *...
AI Score: 6.2
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2981 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP,...
AI Score: 6.6
Certain HP LaserJet Pro Printers – Potential Information Disclosure
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Update your printer...
AI Score: 7.1
EPSS: 0.0004
RHEL 8 : python27:2.7 (RHSA-2024:2987)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2987 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level...
AI Score: 7.6
USN-6719-2: util-linux vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write...
AI Score: 6.9
EPSS: 0.0005
Certain HP LaserJet Pro – Potential Cross-Site Scripting (XSS)
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Update your printer...
AI Score: 5.9
EPSS: 0.0004
Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
AI Score: 7.3
PostgreSQL 14.x < 14.12 / 15.x < 15.7 / 16.x < 16.3 Missing Authorization Check
The version of PostgreSQL installed on the remote host is 14 prior to 14.12, 15 prior to 15.7, or 16 prior to 16.3. As such, it is potentially affected by a vulnerability: Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database...
AI Score: 3.8
kernel security, bug fix, and enhancement update
[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
AI Score: 8
EPSS: 0.007
RHEL 8 : python3 (RHSA-2024:3347)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3347 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AI Score: 7.5
RHEL 8 : qt5-qtbase (RHSA-2024:3056)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3056 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in...
AI Score: 6.8
USN-6737-1: GNU C Library vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of...
AI Score: 8.2
EPSS: 0.0004