AI Score: 7.3
EPSS: 0.004
CVSS: 9.8
AI Score: 6.5
EPSS: 0.006
RHEL 7 : Satellite 6.10.2 Async Bug Fix Update (Moderate) (RHSA-2022:0190)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0190 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
CVSS: 6.2
AI Score: 6
EPSS: 0.0004
(RHSA-2022:0190) Moderate: Satellite 6.10.2 Async Bug Fix Update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
AI Score: -0.3
EPSS: 0.0004
In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.[1] This caused a massive disruption of the fuel...
AI Score: 1.7
(RHSA-2021:4702) Moderate: Satellite 6.10 Release
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * python-ecdsa: Unexpected and undocumented exceptions during signature...
AI Score: 7.6
EPSS: 0.02
An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the...
AI Score: 1.7
This enhancement update adds the ruby:3.0 module to AlmaLinux (BZ#1938942) For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
AI Score: 2.2
Title: race condition vs Temporary File Upload. Description: flatCore-CMS is vulnerable to a race condition while dealing with gallery uploads. Code at https://github.com/flatCore/flatCore-CMS/blob/main/acp/core/files.upload_gallery.php#L31: `if(array_key_exists('file',$_FILES) &&`...
CVSS: 6.6
AI Score: 0.2
EPSS: 0.001
Debian DLA-2768-1 : uwsgi - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2768 advisory. A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30...
CVSS: 7.5
AI Score: 0.3
EPSS: 0.002
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code...
CVSS: 7.8
AI Score: 8
EPSS: 0.001
CVSS: 7.5
AI Score: 8.8
EPSS: 0.002
AI Score: 1.1
MiniOrange SAML Drupal Module 8.x-2.22 Privilege escalation via XML Signature Wrapping Vulnerability
...
AI Score: 0.7
[SECURITY] [DLA 2768-1] uwsgi security update
Debian LTS Advisory DLA-2768-1. https://www.debian.org/lts/security/ Sylvain Beucler. September 29, 2021. https://wiki.debian.org/LTS Package: uwsgi. Version: 2.0.14+20161117-3+deb9u4. CVE...
CVSS: 7.5
AI Score: 8.8
EPSS: 0.002
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)
EXECUTIVE SUMMARY: CVSS v3 8.1. ATTENTION: Exploitable remotely. Vendor: Siemens. Equipment: SIMATIC S7-1200 and S7-1500 CPU Families. Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original...
CVSS: 9.8
AI Score: 10
EPSS: 0.005
Releases: Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: uwsgi - fast, self-healing application container server. Details: USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details:...
CVSS: 9.8
AI Score: 9.9
EPSS: 0.011
Releases: Ubuntu 18.04 ESM. Packages: uwsgi - fast, self-healing application container server. Details: Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code...
CVSS: 9.8
AI Score: 9.8
EPSS: 0.011
Ubuntu 18.04 LTS : uWSGI vulnerability (USN-5054-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5054-1 advisory: Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Note that Nessus has not tested for this issue but has...
CVSS: 9.8
AI Score: 8.9
EPSS: 0.011
CentOS 8 : ruby:2.7 (CESA-2021:3020)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3020 advisory: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327); rubygem-rdoc: Command...
CVSS: 8.8
AI Score: 7.7
EPSS: 0.01
RHEL 8 : ruby:2.7 (RHSA-2021:3020)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3020 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CVSS: 8.8
AI Score: 8.1
EPSS: 0.01
ruby [2.7.4-137] - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz#1986768 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: rhbz#1986812 - Fix StartTLS stripping vulnerability in Net::IMAP. Resolves: rhbz#1986813...
CVSS: 8.8
AI Score: 0.9
EPSS: 0.01
Important: ruby:2.7 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...
CVSS: 8.8
AI Score: 7.9
EPSS: 0.01
(RHSA-2021:3020) Important: ruby:2.7 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...
AI Score: 0.5
EPSS: 0.01
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is...
CVSS: 8.8
AI Score: 7.8
EPSS: 0.01
pcs security and bug fix update
An update for pcs is now available for Rocky Linux 8. Rocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVSS: 7.5
AI Score: 1.7
EPSS: 0.006
openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:2163-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2163-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within...
CVSS: 5.9
AI Score: -0.5
EPSS: 0.001
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:2163-1)
The remote host is missing an update for...
CVSS: 5.9
AI Score: 7.2
EPSS: 0.001
Security update for the Linux Kernel (important)
An update that solves 52 vulnerabilities and has 250 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...
CVSS: 9.8
AI Score: 0.3
EPSS: 0.006
Security update for the Linux Kernel (important)
An update that solves 52 vulnerabilities and has 187 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...
CVSS: 9.8
AI Score: 0.3
EPSS: 0.006
ruby:2.6 security, bug fix, and enhancement update
ruby [2.6.7-107] - Upgrade to Ruby 2.6.7. Resolves: rhbz#1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz#1954968 - Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious...
CVSS: 8.1
AI Score: 2.7
EPSS: 0.012
Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...
CVSS: 8.1
AI Score: 8.3
EPSS: 0.019
ruby:2.7 security, bug fix, and enhancement update
ruby [2.7.3-136] - Upgrade to Ruby 2.7.3. Resolves: rhbz#1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz#1952000 [2.7.2-135] - Upgrade to Ruby 2.7.2. - Avoid possible timeout errors in...
CVSS: 7.5
AI Score: 2.3
EPSS: 0.003
Oracle Linux 8 : ruby:2.7 (ELSA-2021-2584)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2584 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had...
CVSS: 7.5
AI Score: 8.2
EPSS: 0.003
ruby:2.5 security, bug fix, and enhancement update
ruby [2.5.9-107] - Update to Ruby 2.5.9. * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz#1952626 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves:...
CVSS: 8.1
AI Score: 2.3
EPSS: 0.012
openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:0940-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0940-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within...
CVSS: 5.9
AI Score: -0.5
EPSS: 0.001
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:0940-1)
The remote host is missing an update for...
CVSS: 5.9
AI Score: 7.2
EPSS: 0.001
Moderate: ruby:2.6 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627) Security Fix(es): rubygem-bundler: Insecure...
CVSS: 8.1
AI Score: 8.4
EPSS: 0.012