(RHSA-2024:3431) Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...
6.9AI Score
0.0004EPSS
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user...
6.9AI Score
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user...
6.9AI Score
(RHSA-2024:3428) Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
6.4AI Score
0.0004EPSS
(RHSA-2024:3427) Important: kpatch-patch security update
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) For more details about the security...
6.9AI Score
0.0004EPSS
(RHSA-2024:3426) Important: varnish:6 security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish:6: HTTP/2 Broken Window Attack may result in denial of service...
6.8AI Score
0.0004EPSS
(RHSA-2024:3423) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
7.2AI Score
0.0004EPSS
(RHSA-2024:3422) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635) linux-firmware: hw: intel: Improper access control for...
7AI Score
0.0004EPSS
(RHSA-2024:3421) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function...
7.1AI Score
0.001EPSS
(RHSA-2024:3417) Moderate: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.7AI Score
0.0004EPSS
(RHSA-2024:3418) Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
6.4AI Score
0.0004EPSS
(RHSA-2024:3414) Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: nf_tables: use-after-free...
7.2AI Score
0.001EPSS
(RHSA-2024:3411) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
7.2AI Score
0.0004EPSS
(RHSA-2024:3402) Moderate: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.7AI Score
0.0004EPSS
(RHSA-2024:3401) Moderate: rpm-ostree security update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
7.1AI Score
0.0004EPSS
CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos as-req request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of...
6.9AI Score
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...
6.7AI Score
eduroyale.com Cross Site Scripting vulnerability OBB-3931384
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
(RHSA-2024:3391) Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
6.8AI Score
0.0005EPSS
CVE-2024-5415 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to...
6.7AI Score
CVE-2024-5414 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their.....
6.7AI Score
CVE-2024-5413 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their...
6.7AI Score
best.itour.ru Cross Site Scripting vulnerability OBB-3931382
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
heimatverein-fechenheim.de Cross Site Scripting vulnerability OBB-3931381
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
itour.ru Cross Site Scripting vulnerability OBB-3931380
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
obnovlenie.ru Cross Site Scripting vulnerability OBB-3931379
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
церебро.рф Cross Site Scripting vulnerability OBB-3931378
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
oauthv2.gbooking.ru Cross Site Scripting vulnerability OBB-3931377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dropmefiles.com Cross Site Scripting vulnerability OBB-3931376
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
comnews-conferences.ru Cross Site Scripting vulnerability OBB-3931375
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
for-gun.ru Cross Site Scripting vulnerability OBB-3931374
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
altius.ru Cross Site Scripting vulnerability OBB-3931371
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
wilda.ru Cross Site Scripting vulnerability OBB-3931372
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
contentatscale.ai Cross Site Scripting vulnerability OBB-3931369
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
headmatch.de Cross Site Scripting vulnerability OBB-3931367
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
vetandlife.ru Cross Site Scripting vulnerability OBB-3931368
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ttdonw.cat Cross Site Scripting vulnerability OBB-3931366
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed...
6.7AI Score
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Mitigation Mitigation for this issue is either not available or the currently available options don't meet.....
6.4AI Score
CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
5.8AI Score
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to failing to enforce proper access control, allowing a user to run a slash command in a channel they are not a member of by linking a playbook run to that channel and executing a slash command as a playbook task...
6.8AI Score
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet
Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a...
7.4AI Score
(RHSA-2024:3385) Moderate: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14. Security Fix(es): jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) jetty-server: OutOfMemoryError for large multipart...
7.1AI Score
0.002EPSS
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function....
6.9AI Score
0.0004EPSS
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and.....
6.5AI Score
0.0004EPSS
What is an Infosec Audit and Why Does Your Company Need One?
By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need...
7.4AI Score
CVE-2024-5411 Command Injection
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and...
7.2AI Score