4.9CVSS
6.7AI Score
0.013EPSS
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
10CVSS
6.7AI Score
0.001EPSS
Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM
Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud...
7.3AI Score
4.9CVSS
7AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added...
7.5CVSS
8.2AI Score
0.005EPSS
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...
6.8CVSS
6.8AI Score
0.0004EPSS
New! Insight Agent Support for ARM-based Windows in InsightVM
We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...
7.1AI Score
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
6.9AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-33599) It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null...
5.6AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: cacti-spine-1.2.27-1.fc39
Spine is a supplemental poller for Cacti that makes use of pthreads to achieve excellent...
9.1CVSS
6.9AI Score
0.002EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages glibc - GNU C Library Details It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of...
6.6AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6804-1 advisory. It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local.....
6.4AI Score
0.0004EPSS
10CVSS
7.1AI Score
0.001EPSS
7.1AI Score
0.001EPSS
7.4AI Score
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...
9.8CVSS
9.2AI Score
0.975EPSS
TYPO3 possible cache poisoning on the homepage when anchors are used
A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can.....
7.1AI Score
TYPO3 possible cache poisoning on the homepage when anchors are used
A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can.....
7.1AI Score
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...
8.2CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references...
6.3AI Score
0.0004EPSS
CVE-2024-36923 fs/9p: fix uninitialized values during inode evict
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...
6.9AI Score
0.0004EPSS
CVE-2024-36923 fs/9p: fix uninitialized values during inode evict
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
6.8AI Score
0.0004EPSS
CVE-2024-36019 regmap: maple: Fix cache corruption in regcache_maple_drop()
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
6.7AI Score
0.0004EPSS
CVE-2024-36019 regmap: maple: Fix cache corruption in regcache_maple_drop()
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...
7.2AI Score
0.0004EPSS
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. "These vulnerabilities are found in various WordPress plugins and are...
8.3CVSS
6.1AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
9.3AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Inosoft Equipment: VisiWin Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM...
7.8CVSS
7.2AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...
7.5CVSS
7.7AI Score
0.002EPSS
Baxter Welch Allyn Configuration Tool
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Configuration Tool Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the unintended exposure of...
7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
9.8CVSS
7.7AI Score
EPSS
Baxter Welch Allyn Connex Spot Monitor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...
7AI Score
0.0004EPSS
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 273 Vulnerability Details ** CVEID: CVE-2021-32052 DESCRIPTION: **Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to...
7.5CVSS
9.3AI Score
0.963EPSS
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.1AI Score
EPSS
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.6AI Score
EPSS
7.5CVSS
6.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)
The remote host is missing an update for the Huawei...
7.3CVSS
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1743)
The remote host is missing an update for the Huawei...
7.3CVSS
6.7AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:1808-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1808-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has...
7AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.8CVSS
7.4AI Score
0.001EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1764)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...
7.8CVSS
7.8AI Score
EPSS