Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...
7.5CVSS
8.2AI Score
0.732EPSS
jblfilms.com Cross Site Scripting vulnerability OBB-3934484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION:...
7.5CVSS
9.4AI Score
0.732EPSS
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...
7.5CVSS
7.5AI Score
0.001EPSS
berlin-en-ligne.com Cross Site Scripting vulnerability OBB-3934483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
mayfever.crowdfundhq.com Cross Site Scripting vulnerability OBB-3934482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
7.6AI Score
0.0004EPSS
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
0.0004EPSS
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...
5.3CVSS
5.3AI Score
0.0005EPSS
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...
5.3CVSS
0.0005EPSS
Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...
5.3CVSS
6.9AI Score
0.0004EPSS
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
6.4AI Score
0.0004EPSS
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
0.0004EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
0.0005EPSS
Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...
5.3CVSS
0.0004EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
6.5AI Score
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
7AI Score
0.0005EPSS
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
0.0005EPSS
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
7.2AI Score
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
0.0005EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....
8.8CVSS
7.7AI Score
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...
8.8CVSS
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...
8.8CVSS
8.9AI Score
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...
8.8CVSS
7.6AI Score
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....
8.8CVSS
8.9AI Score
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....
8.8CVSS
0.0004EPSS
CVE-2022-37020 HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential...
0.0004EPSS
CVE-2022-37019 HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential...
0.0004EPSS
CVE-2024-36471 Apache Allura: sensitive information exposure via DNS rebinding
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
0.0004EPSS
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. If an...
5.3CVSS
6.9AI Score
0.0005EPSS
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. If an...
5.3CVSS
7.2AI Score
0.0005EPSS
ghtml Cross-Site Scripting (XSS) vulnerability
Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...
8.9CVSS
5.4AI Score
0.0004EPSS
ghtml Cross-Site Scripting (XSS) vulnerability
Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...
8.9CVSS
5.3AI Score
0.0004EPSS
Composer has a command injection via malicious git branch name
Impact The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid installing dependencies via git by using...
8.8CVSS
7.6AI Score
0.0004EPSS
Composer has a command injection via malicious git branch name
Impact The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid installing dependencies via git by using...
8.8CVSS
7.3AI Score
0.0004EPSS
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...
5.3CVSS
0.0005EPSS
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
0.0004EPSS
CVE-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...
8.8CVSS
0.0004EPSS
Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...
5.3CVSS
0.0004EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
0.0005EPSS
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
0.0005EPSS
CVE-2024-35241 Composer vulnerable to command injection via malicious git branch name
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....
8.8CVSS
0.0004EPSS
Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details ** CVEID: CVE-2019-20444 DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a...
9.1CVSS
9.2AI Score
0.012EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.5CVSS
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.5CVSS
8.7AI Score
0.0004EPSS
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code...
7.2AI Score
0.0004EPSS
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the...
5.9AI Score
0.0004EPSS
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the...
6.1AI Score
0.0004EPSS
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code...
0.0004EPSS