Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-8 - Open Source Java implementation Details Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to...
7.4CVSS
8.9AI Score
0.001EPSS
7.4CVSS
7.2AI Score
0.001EPSS
GhostRace – New Data Leak Vulnerability Affects Modern CPUs
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines...
5.6CVSS
6.7AI Score
0.976EPSS
Updated java 1.8.0, 11 & latest packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. (CVE-2024-20918) RSA padding issue and timing side-channel attack against TLS. (CVE-2024-20952) Arbitrary Java code execution in Nashorn. (CVE-2024-20926) JVM class file...
7.4CVSS
7.8AI Score
0.001EPSS
Update Rollup 6 for System Center 2019 Orchestrator
Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System...
7.2AI Score
7.4CVSS
7.2AI Score
0.001EPSS
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or....
7.3AI Score
0.0004EPSS
DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that...
8.8CVSS
6.8AI Score
0.005EPSS
CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...
5.5AI Score
0.0004EPSS
March 12, 2024—KB5035845 (OS Builds 19044.4170 and 19045.4170)
March 12, 2024—KB5035845 (OS Builds 19044.4170 and 19045.4170) NEW 03/12/24 IMPORTANT The following editions of Windows 10, version 21H2 will reach end of service on June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that date,.....
8.8CVSS
7.7AI Score
0.001EPSS
Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2023-5752 DESCRIPTION: **Python Packaging...
5.5CVSS
6.3AI Score
0.0004EPSS
Summary There is a vulnerability in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2023-45143 DESCRIPTION: **Node.js undici module could...
3.9CVSS
6.1AI Score
0.009EPSS
Summary There is a vulnerability in follow-redirects used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a...
7.3CVSS
6.7AI Score
0.001EPSS
7.4CVSS
7.2AI Score
0.001EPSS
CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or....
7.2CVSS
7.4AI Score
0.0004EPSS
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised...
9CVSS
9.1AI Score
0.0004EPSS
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...
7.8CVSS
6.5AI Score
0.0004EPSS
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant...
5.5CVSS
7AI Score
0.002EPSS
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance...
7.2CVSS
7.4AI Score
0.0004EPSS
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance...
7.2CVSS
7.1AI Score
0.0004EPSS
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
6.8AI Score
CentOS: Security Advisory for java (CESA-2024:0223)
The remote host is missing an update for...
7.4CVSS
7.2AI Score
0.001EPSS
CentOS: Security Advisory for java-11-openjdk (CESA-2024:0232)
The remote host is missing an update for...
7.4CVSS
7.2AI Score
0.001EPSS
openSUSE: Security Advisory for java (SUSE-SU-2024:0325-1)
The remote host is missing an update for...
7.5CVSS
7AI Score
0.001EPSS
openSUSE: Security Advisory for gcc13 (SUSE-SU-2023:4458-1)
The remote host is missing an update for...
4.8CVSS
5.5AI Score
0.0005EPSS
openSUSE: Security Advisory for gcc13 (SUSE-SU-2023:4162-1)
The remote host is missing an update for...
4.8CVSS
5.5AI Score
0.0005EPSS
openSUSE: Security Advisory for git (SUSE-SU-2023:0430-1)
The remote host is missing an update for...
7.5CVSS
6.9AI Score
0.001EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify....
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify....
4.3CVSS
4.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...
4.3CVSS
4.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to.....
4.3CVSS
4.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...
4.3CVSS
4.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to.....
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.3AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level....
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
5.2AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level....
4.3CVSS
4.3AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
4.6AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
4.3AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
4.3AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
5.2AI Score
0.0004EPSS
Cross site request forgery (csrf)
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify....
4.3CVSS
6.6AI Score
0.0004EPSS
Cross site request forgery (csrf)
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...
4.3CVSS
6.6AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level....
4.3CVSS
6.7AI Score
0.0004EPSS
Cross site request forgery (csrf)
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...
4.3CVSS
6.6AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.7AI Score
0.0004EPSS
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS