EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2024-1145)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote...
CVSS 6.5 | AI Score 9.5 | EPSS 0.003
Summary: IBM Sterling Control Center containerized image uses VMware Tanzu Spring Boot and Pivotal Spring Framework. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a...
CVSS 9.8 | AI Score 8.9 | EPSS 0.024
RHEL 7 : runc (RHSA-2024:0717)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0717 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime. Security Fix(es): *...
CVSS 8.6 | AI Score 8.9 | EPSS 0.051
Important Photon OS Security Update - PHSA-2024-5.0-0199
Updates of ['runc', 'ansible'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.051
Moderate Photon OS Security Update - PHSA-2024-4.0-0561
Updates of ['ansible'] packages of Photon OS have been...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user...
CVSS 4.8 | AI Score 6.1 | EPSS 0.0004
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input...
CVSS 6.4 | AI Score 6.1 | EPSS 0.0004
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell...
CVSS 7.8 | AI Score 8.1 | EPSS 0.0004
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive...
CVSS 4.9 | AI Score 6 | EPSS 0.0005
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the...
CVSS 7.8 | AI Score 8.1 | EPSS 0.0004
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user...
CVSS 4.3 | AI Score 5.3 | EPSS 0.0004
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive...
CVSS 4.9 | AI Score 5.3 | EPSS 0.0005
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell...
CVSS 5.3 | AI Score 8.3 | EPSS 0.0004
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input...
CVSS 6.4 | AI Score 6.5 | EPSS 0.0004
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the...
CVSS 7.8 | AI Score 8.3 | EPSS 0.0004
Moderate Photon OS Security Update - PHSA-2024-4.0-0560
Updates of ['sendmail'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.002
Important Photon OS Security Update - PHSA-2024-5.0-0198
Updates of ['openssl', 'linux-secure', 'linux-rt', 'linux'] packages of Photon OS have been...
CVSS 9.8 | AI Score 9.9 | EPSS 0.002
3a. Local Privilege Escalation vulnerability (CVE-2024-22237) Aria Operations for Networks contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8. 3b. Cross Site Scripting...
CVSS 7.8 | AI Score 6.4 | EPSS 0.0005
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for...
CVSS 4.1 | AI Score 5.7 | EPSS 0.0004
Exploring the (Not So) Secret Code of Black Hunt Ransomware
It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...
AI Score 8.2
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details: CVEID: CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could...
CVSS 7.5 | AI Score 7.8 | EPSS 0.003
Moderate Photon OS Security Update - PHSA-2024-3.0-0721
Updates of ['openssl'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.002
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana in build 261. Vulnerability Details: CVEID: CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message,...
CVSS 9.8 | AI Score 9.3 | EPSS 0.821
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Boot. Vulnerability Details: CVEID: CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring...
CVSS 6.5 | AI Score 7.5 | EPSS 0.0005
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0. Vulnerability Details: CVEID: CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially...
CVSS 10 | AI Score 10 | EPSS 0.037
Summary: A potential VMware Tanzu Spring Boot denial-of-service vulnerability, caused by a flaw when Spring MVC is used together with a reverse proxy cache, has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for...
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free...
Summary: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2002-0080 DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for...
CVSS 8.1 | AI Score 9.4 | EPSS 0.732
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVSS 5.5 | AI Score 5.2 | EPSS 0.0004
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVSS 3.3 | AI Score 5.5 | EPSS 0.0004
Important Photon OS Security Update - PHSA-2024-4.0-0558
Updates of ['libtiff', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
RHEL 7 : tigervnc (RHSA-2024:0629)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0629 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
CVSS 9.8 | AI Score 8.6 | EPSS 0.002
Important Photon OS Security Update - PHSA-2024-3.0-0719
Updates of ['linux-esx', 'libtiff', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Critical Photon OS Security Update - PHSA-2024-5.0-0197
Updates of ['glibc'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.008
Important Photon OS Security Update - PHSA-2024-4.0-0559
Updates of ['linux', 'linux-aws', 'openssl', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.002
Important Photon OS Security Update - PHSA-2024-3.0-0720
Updates of ['linux-esx', 'linux', 'linux-aws', 'linux-secure', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary: IBM Data Risk Manager (IDRM) 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
CVSS 9.8 | AI Score 9.7 | EPSS 0.732
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through...
CVSS 7.1 | AI Score 7.7 | EPSS 0.0004
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through...
CVSS 7.9 | AI Score 6.8 | EPSS 0.0004
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through...
CVSS 7.1 | AI Score 7.1 | EPSS 0.0004
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through...
CVSS 7.9 | AI Score 7.9 | EPSS 0.0004
RHEL 7 : thunderbird (RHSA-2024:0601)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0601 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fix(es): *...
CVSS 8.8 | AI Score 8.2 | EPSS 0.001
Important Photon OS Security Update - PHSA-2024-5.0-0196
Updates of ['libtiff', 'linux', 'linux-secure', 'wireshark', 'procps-ng', 'linux-rt'] packages of Photon OS have been...
CVSS 9.8 | AI Score 9.8 | EPSS 0.001
RHEL 7 : firefox (RHSA-2024:0600)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0600 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
CVSS 8.8 | AI Score 8.2 | EPSS 0.001
Summary: Vulnerabilities in Golang Go and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details: CVEID: CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when...
CVSS 9.8 | AI Score 8.3 | EPSS 0.005
CVSS 7.8 | AI Score 8.8 | EPSS 0.0004
Important Photon OS Security Update - PHSA-2024-4.0-0557
Updates of ['wireshark'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM...
CVSS 9.8 | AI Score 9.9 | EPSS 0.003
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM...
CVSS 10 | AI Score 9.8 | EPSS 0.003