index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS)...
6.1 CVSS
0.001 EPSS
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...
7.5 CVSS
7.5 AI Score
0.001 EPSS
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS)...
6.1 AI Score
0.001 EPSS
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...
7.7 AI Score
0.001 EPSS
CentOS 8 : ruby:2.5 (CESA-2019:1972)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:1972 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) Note that Nessus has not tested for this issue but has instead relied...
8.8 CVSS
0.8 AI Score
0.003 EPSS
Principles for personal information security legislation
It goes without saying that the 117th US Congress has a lot to get done and many legitimate priorities are competing for finite legislative attention. Cybersecurity will be in this mix. In the wake of the SolarWinds attack, President-elect Biden issued a statement emphasizing that his...
0.5 AI Score
QID Spotlight: Enhanced Oracle Java Discovery
Update December 15, 2020: This blog is updated with the FAQ section for customers to get more insight into QID details. Original Post: Securing Java instances has become critical for organizations because Java's wide use as an open-source component in applications has made it a captivating target.....
0.4 AI Score
Exploit for SQL Injection in Connect-Pg-Simple Project Connect-Pg-Simple
Connect PG Simple A simple, minimal PostgreSQL session store...
7.3 CVSS
0.2 AI Score
0.001 EPSS
0.8 AI Score
0.001 EPSS
RHEL 7 : rh-eclipse (RHSA-2020:5168)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5168 advisory. Eclipse is an integrated development environment (IDE). The rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse...
7 CVSS
7.5 AI Score
0.001 EPSS
(RHSA-2020:5168) Moderate: rh-eclipse security, bug fix and enhancement update
Eclipse is an integrated development environment (IDE). The rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse Foundation's 2020-09 release train. For instructions on how to use rh-eclipse, see Using Eclipse linked from the References section. Security Fix(es): .....
0.1 AI Score
0.001 EPSS
[ASA-202011-14] postgresql: multiple issues
Arch Linux Security Advisory ASA-202011-14 Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Package : postgresql Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1276 Summary The package postgresql before version 12.5-1...
8.8 CVSS
1 AI Score
0.026 EPSS
kernel security, bug fix, and enhancement update
[4.18.0-240.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and.....
8.2 CVSS
0.4 AI Score
0.003 EPSS
RHEL 7 : Satellite 6.8 (Important) (RHSA-2020:4366)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4366 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
9.8 CVSS
9 AI Score
0.073 EPSS
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the.....
1.8 AI Score
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
1.3 AI Score
5.30 metadata for the Rocky Linux 8 module matrix (3/3)
An update is available for perl-DBD-Pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....
2.1 AI Score
5.30 metadata for the Rocky Linux 8 module matrix (1/3)
An update is available for perl-DBD-Pg, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-FCGI, perl-DBD-MySQL, perl-String-ShellQuote. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
2.1 AI Score
This enhancement update adds the ruby:2.7 module to AlmaLinux (BZ#1817135) For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
2.2 AI Score
Ruby on Rails: Regular expression denial of service in ActiveRecord's PostgreSQL Money type
Summary Hello team! The regular expressions used in the Money type to convert strings like -$100,000.00 to 100000 have an execution time with a quadratic growth proportional to the length of the string. Causing the denial of service requires very long strings but if the parameter is in a post body....
7.5 CVSS
AI Score
0.006 EPSS
Satellite is vulnerable to privilege escalation. An attacker with an authenticated account on Single sign-on (SSO) is able to gain elevated privileges of existing local...
7.5 CVSS
4.9 AI Score
0.001 EPSS
puppet-agent is vulnerable to a man-in-the-middle attack. The Puppet Agent does not properly verify the SSL connection when downloading a...
5.4 CVSS
2.8 AI Score
0.001 EPSS
(RHSA-2020:4366) Important: Satellite 6.8 release
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): mysql-connector-java: Connector/J unspecified vulnerability (CPU October...
-0.3 AI Score
0.073 EPSS
pg-kirche.de Cross Site Scripting vulnerability OBB-1432787
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.1 AI Score
cfme2 uses insecure session management. An attacker is able to perform session tampering attacks using the secret in the static...
7.5 CVSS
2.4 AI Score
0.002 EPSS
rosi.it Cross Site Scripting vulnerability OBB-1383036
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
0.7 AI Score
mail.kult-art.net Cross Site Scripting vulnerability OBB-1379558
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
0.6 AI Score
Security update for the Linux Kernel (important)
An update that solves 9 vulnerabilities and has 103 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a ...
7.8 CVSS
0.2 AI Score
EPSS
foreman is vulnerable to information disclosure. It is possible due to unauthorized cache read on RPM-based installations through local...
8.8 CVSS
1.2 AI Score
0.0004 EPSS
mcc-unitec.com Cross Site Scripting vulnerability OBB-1364875
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.2 AI Score
booking.easybooking.guru Cross Site Scripting vulnerability OBB-1364687
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.2 AI Score
etg.lu Cross Site Scripting vulnerability OBB-1363241
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.2 AI Score
integart.us Cross Site Scripting vulnerability OBB-1357668
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
0.6 AI Score