Moderate: ruby:2.5 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626) Security Fix(es): ruby: NUL injection...
8.1CVSS
8.1AI Score
0.012EPSS
ruby:2.5 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the.....
8.1CVSS
8.1AI Score
0.012EPSS
(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626) Security Fix(es): ruby: NUL injection...
8.1AI Score
0.012EPSS
ruby:2.7 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is.....
7.5CVSS
8.2AI Score
0.003EPSS
(RHSA-2021:2584) Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999) Security Fix(es): ruby: Potential HTTP request...
8.2AI Score
0.003EPSS
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999) Security Fix(es): ruby: Potential HTTP request...
7.5CVSS
8.1AI Score
0.003EPSS
RHEL 8 : ruby:2.6 (RHSA-2021:2588)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881) ruby: NUL...
8.1CVSS
8.3AI Score
0.012EPSS
CentOS 8 : ruby:2.5 (CESA-2021:2587)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2587 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service vulnerability of...
8.1CVSS
8.1AI Score
0.012EPSS
CentOS 8 : ruby:2.7 (CESA-2021:2584)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) Note that Nessus...
7.5CVSS
8.2AI Score
0.003EPSS
RHEL 8 : ruby:2.5 (RHSA-2021:2587)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2587 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
8.1CVSS
8.8AI Score
0.012EPSS
RHEL 8 : ruby:2.7 (RHSA-2021:2584)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) Note...
7.5CVSS
8.3AI Score
0.003EPSS
CentOS 8 : ruby:2.6 (CESA-2021:2588)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2588 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service vulnerability of...
8.1CVSS
8.2AI Score
0.012EPSS
SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2021:2163-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2163-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue...
5.9CVSS
6AI Score
0.001EPSS
5.9CVSS
7.7AI Score
0.001EPSS
shmoop.com Cross Site Scripting vulnerability OBB-2060589
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its...
-0.2AI Score
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and.....
6.7CVSS
6.6AI Score
0.0004EPSS
Security update for the Linux Kernel (important)
An update that solves two vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: Fixed an issue with the netfilter subsystem that...
5.5CVSS
-0.3AI Score
0.001EPSS
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
6.6AI Score
0.0004EPSS
Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local...
6.4CVSS
6.3AI Score
0.0004EPSS
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
6.4CVSS
6.8AI Score
0.0004EPSS
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local...
4.4CVSS
4.6AI Score
0.0005EPSS
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local...
4.4CVSS
4.5AI Score
0.0005EPSS
8.1CVSS
8AI Score
0.004EPSS
The US Supreme Court issued its long-awaited-by-cybersecurity-nerds opinion on _Van Buren v. United States. _The case examined whether it was a violation of the Computer Fraud and Abuse Act (CFAA) for a police officer to access a law enforcement database to obtain information, which the officer...
-0.2AI Score
FreeBSD : PG Partition Manager -- arbitrary code execution (58b22f3a-bc71-11eb-b9c9-6cc21735f730)
PG Partition Manager reports : In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
9.9AI Score
0.005EPSS
Email Campaign Spreads StrRAT Fake-Ransomware RAT
An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence (MSI) team has outlined details of a “massive...
-0.2AI Score
Calling for cybersecurity in infrastructure modernization
Yesterday, Rapid7 sent a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation. The letter was signed by 19 companies, industry associations, and nonprofit groups who collaborated on the recommendations. The letter...
-0.2AI Score
PG Partition Manager -- arbitrary code execution
PG Partition Manager reports: In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not ...
9.8CVSS
4.1AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
9.7AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
7.7AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
9.5AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
9.8CVSS
9.8AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...
10AI Score
0.005EPSS
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. Bugs ...
9.8CVSS
9.5AI Score
0.005EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2021-716)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-29650: The netfilter subsystem allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and ...
5.5CVSS
8AI Score
0.001EPSS
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
...
7.4AI Score
-0.8AI Score
-0.4AI Score
Security update for the Linux Kernel (important)
An update that solves two vulnerabilities and has 55 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: The netfilter subsystem allowed attackers to cause a ...
5.5CVSS
-0.1AI Score
0.001EPSS
Exploit for SQL Injection in Layer5 Meshery
[Vulnerability Report] CVE-2021-31856: a sql injection in...
9.8CVSS
10.2AI Score
0.044EPSS
(RHSA-2021:1313) Moderate: Satellite 6.9 Release
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): foreman: Managing repositories with their id via hammer does not respect the.....
0.1AI Score
0.666EPSS
RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
9.8CVSS
8.7AI Score
0.666EPSS
8.1CVSS
7.3AI Score
0.004EPSS
Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments,...
0.1AI Score
Security Bulletin: IBM InfoSphere Information Server has a network layer security vulnerability
Summary A network layer security vulnerability in InfoSphere Information Server can lead to privilege escalation or unauthorized access. An unauthorized user could intercept and view communication between client and server. They could also modify or replay certain DataStage commands to get...
8.1CVSS
0.4AI Score
0.002EPSS
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Recent assessments: wvu-r7 at April 29, 2021 9:39pm UTC reported: CVE-2021-20020? Seems to be Postgres running in trust mode on TCP port 5029, which essentially...
9.8CVSS
-0.2AI Score
0.005EPSS
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...
7.5CVSS
0.001EPSS
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...
7.5CVSS
7.5AI Score
0.001EPSS