OMICARD EDM 's SMS Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.3AI Score
0.0004EPSS
CVE-2021-47572 net: nexthop: fix null pointer dereference when IPv6 is not enabled
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.8AI Score
0.0004EPSS
CVE-2021-47569 io_uring: fail cancellation for EXITING tasks
In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0 Workqueue:...
7.1AI Score
0.0004EPSS
CVE-2021-47542 net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg, and there is a...
7.3AI Score
0.0004EPSS
CVE-2021-47512 net/sched: fq_pie: prevent dismantle issue
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: prevent dismantle issue For some reason, fq_pie_destroy() did not copy working code from pie_destroy() and other qdiscs, thus causing elusive bug. Before calling del_timer_sync(&q->adapt_timer), we need to...
7.3AI Score
0.0004EPSS
Summary Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-25062 DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a use-after-free...
6.8AI Score
0.0005EPSS
Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-2398 DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a memory leak when...
7.2AI Score
0.0004EPSS
Summary Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2023-2953 DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer...
7.1AI Score
0.004EPSS
Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager (CVE-2023-50312,CVE-2024-27270 and CVE-2024-22329) Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could.....
6.5AI Score
0.0004EPSS
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and...
6.4AI Score
0.0004EPSS
F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split...
6.5AI Score
7.1AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2024:1768-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1768-1 advisory. PostgreSQL upgrade to version 14.12 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and...
7.4AI Score
Ivanti Endpoint Manager RecordBrokenApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordBrokenApp method. The issue results from the lack....
8.1AI Score
SUSE SLES15 / openSUSE 15 Security Update : python-sqlparse (SUSE-SU-2024:1767-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1767-1 advisory. - CVE-2024-4340: Catch RecursionError to avoid a denial of service. (bsc#1223603) Tenable has extracted the preceding...
7.3AI Score
Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatches method. The issue results from the lack of....
8.1AI Score
Oracle Linux 7 : libreoffice (ELSA-2024-3304)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...
7.1AI Score
Google Chrome Security Update (stable-channel-update-for-desktop_23-2024-05) - Windows
Google Chrome is prone to a type confusion ...
6.2AI Score
Ivanti Policy Secure 22.x XSS Vulnerability
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
6.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetVulnerabilitiesDataTable method. The issue results from the lack of proper...
8.1AI Score
7.1AI Score
0.001EPSS
Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack...
8.1AI Score
Ivanti Endpoint Manager GetDBVulnerabilities SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBVulnerabilities method. The issue results from the....
8.1AI Score
Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack...
8.1AI Score
7.5AI Score
Google Chrome Security Update (stable-channel-update-for-desktop_23-2024-05) - Mac OS X
Google Chrome is prone to a type confusion ...
6.2AI Score
Google Chrome Security Update (stable-channel-update-for-desktop_23-2024-05) - Linux
Google Chrome is prone to a type confusion ...
6.2AI Score
7.5AI Score
0.0004EPSS
7.3AI Score
0.013EPSS
6.8AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesNameUniqueSQL method. The issue results from the lack of proper...
8.1AI Score
7.2AI Score
7.5AI Score
Ivanti Endpoint Manager GetDBPatchProducts SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatchProducts method. The issue results from the...
8.1AI Score
Ivanti Endpoint Manager GetLogFileRulesSQL SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesSQL method. The issue results from the lack of proper validation...
8.1AI Score
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
6.1AI Score
K000139764: Apache HTTPD vulnerability CVE-2023-38709
Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) Impact This vulnerability allows malicious or exploitable...
6.8AI Score
0.0004EPSS
F5 Networks BIG-IP : Libexpat vulnerability (K000139525)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in ...
7.4AI Score
7.1AI Score
0.001EPSS
Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...
7.8AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:1770-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1770-1 advisory. Update to version 115.11.0 ESR (bsc#1224056): - CVE-2024-4367: Arbitrary JavaScript execution...
8.3AI Score
Ivanti Endpoint Manager GetRulesetsSQL SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetRulesetsSQL method. The issue results from the lack of proper validation of a.....
8.1AI Score
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
(RHSA-2024:3354) Important: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 is released which includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223) jetty-servlets: jetty: Improper addition of...
7.5AI Score
0.055EPSS
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via...
7.7CVSS
7.1AI Score
0.0004EPSS
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP...
8.8CVSS
7.5AI Score
0.0004EPSS
Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...
9.4AI Score
0.962EPSS
(RHSA-2024:2877) Important: OpenShift Container Platform 4.13.42 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...
7.4AI Score
0.0005EPSS
(RHSA-2024:2875) Important: OpenShift Container Platform 4.13.42 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the RPM...
6.8AI Score
0.037EPSS
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7AI Score