Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...
5.9CVSS
7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...
7.5CVSS
7.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...
4.7CVSS
5.9AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere...
5.3CVSS
6.4AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...
6.4CVSS
5.8AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...
6.4CVSS
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...
6.4CVSS
0.0004EPSS
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.001EPSS
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
0.001EPSS
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
0.001EPSS
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....
7.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
RHEL 9 : libreoffice (RHSA-2024:3835)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
8.8CVSS
9.3AI Score
0.001EPSS
Dashboard Widgets Suite < 3.4.4 - Reflected Cross-Site Scripting
Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
6.1CVSS
6.3AI Score
0.0005EPSS
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...
5.3CVSS
6.7AI Score
0.0004EPSS
Only one critical issue disclosed as part of Microsoft Patch Tuesday
Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those there is only one critical vulnerability. Every other security issues disclosed this month is considered "important." The lone critical security issue is...
9.8CVSS
9.8AI Score
0.003EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31881 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...
7AI Score
EPSS
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary...
7.7AI Score
0.0004EPSS
Summary IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library when using the NoSQL Blockchain wrapper. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the...
5.3CVSS
6.6AI Score
0.0004EPSS
Summary IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
6.1AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-28762 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...
5.3CVSS
6.5AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details ** CVEID: CVE-2023-45178 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) CLI is vulnerable to a denial of service when a specially...
7.5CVSS
6.9AI Score
0.001EPSS
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details ** CVEID: CVE-2024-25710 DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite...
8.1CVSS
7AI Score
0.001EPSS
Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details ** CVEID: CVE-2023-45853 DESCRIPTION: **MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...
9.8CVSS
7.2AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.001EPSS
7.3CVSS
7.2AI Score
0.0005EPSS
7CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.003EPSS
7CVSS
6.9AI Score
0.0004EPSS
8CVSS
8.1AI Score
0.001EPSS
8CVSS
8.1AI Score
0.001EPSS
8CVSS
8.1AI Score
0.0004EPSS
8.8CVSS
9AI Score
0.001EPSS
6.7CVSS
6.8AI Score
0.0004EPSS
Enhancing Velociraptor with the Cado Security Platform
_By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security _ Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly...
7.4AI Score
How Cynet Makes MSPs Rich & Their Clients Secure
Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...
7.1AI Score
7.8CVSS
7.1AI Score
0.001EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
7.8CVSS
7.1AI Score
0.001EPSS
June 11, 2024—KB5039266 (Security-only update)
June 11, 2024—KB5039266 (Security-only update) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS
Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.9AI Score
0.001EPSS
8.8CVSS
7.1AI Score
0.001EPSS
June 11, 2024—KB5039274 (Security-only update)
June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS