RHEL 8 : booth (RHSA-2024:3657)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3657 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
5.9CVSS
6.8AI Score
0.001EPSS
RHEL 9 : booth (RHSA-2024:3660)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3660 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
5.9CVSS
6.8AI Score
0.001EPSS
RHEL 9 : booth (RHSA-2024:3661)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3661 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
5.9CVSS
6.5AI Score
0.001EPSS
Oracle Linux 8 : kernel (ELSA-2024-3618)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....
7.8CVSS
8.7AI Score
0.001EPSS
Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release > v0.273.0 and <= v0.297.0 CF Deployment > v30.9.0 and <= v40.13.0 Description Cloud Foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DoS attack. An unauthenticated attacker ca...
7.5CVSS
6.7AI Score
0.0005EPSS
[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...
7.8CVSS
9AI Score
0.001EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through...
6.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-30528 WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details CVEID: CVE-2024-21085 DESCRIPTION: An...
5.9CVSS
6.2AI Score
0.001EPSS
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID: CVE-2023-22112 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high...
4.9CVSS
5AI Score
0.001EPSS
TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats
Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...
7.2AI Score
Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
8.8CVSS
6.1AI Score
0.0004EPSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
9.5AI Score
0.0004EPSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
7.1AI Score
0.0004EPSS
CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
9.5AI Score
0.0004EPSS
CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...
4.3CVSS
7.1AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...
3.7CVSS
4.3AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...
3.7CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...
3.7CVSS
4.3AI Score
0.0004EPSS
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...
3.7CVSS
6.9AI Score
0.0004EPSS
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
7.2AI Score
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.....
7.1CVSS
8.9AI Score
0.003EPSS
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...
7.5CVSS
6.7AI Score
0.001EPSS
RHEL 9 : binutils (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (CVE-2021-45078) In GNU Binutils...
7.8CVSS
8.5AI Score
0.001EPSS
RHEL 6 : mysql55-mysql (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016) (CVE-2016-3471) mysql:...
7.5CVSS
5.4AI Score
0.005EPSS
RHEL 5 : mysql55-mysql (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) ...
7.5CVSS
6.2AI Score
0.009EPSS
RHEL 6 : mariadb-galera (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability related to Server:DML (CPU October 2015) (CVE-2015-4879) mysql:...
6.5CVSS
6.6AI Score
0.005EPSS
KLA68438 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...
8.4AI Score
0.0004EPSS
RHEL 8 : tar (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
5.5CVSS
7.3AI Score
0.011EPSS
RHEL 8 : libvirt (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...
6.5CVSS
8.7AI Score
0.002EPSS
RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) (CVE-2013-0433) Oracle JDK 7:...
7.5AI Score
0.969EPSS
RHEL 7 : icu (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) (CVE-2015-4844) icu: Double free in...
9.8CVSS
6.9AI Score
0.057EPSS
RHEL 8 : 8.2_libtpms (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtpms: out-of-bounds access via specially crafted TPM 2 command packets (CVE-2021-3746) A stack...
6.5CVSS
7.4AI Score
0.001EPSS
RHEL 8 : fwupdate (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Use-after-free in rmmod command (CVE-2020-25632) grub2: Out-of-bounds write in...
8.2CVSS
9.2AI Score
0.002EPSS
Password confirmation stored in plain text via registration form in statamic/cms
Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...
1.8CVSS
6.2AI Score
0.0004EPSS
A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of...
6CVSS
6.5AI Score
0.0004EPSS
Moodle broken access control when setting calendar event type
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
6.3AI Score
0.0004EPSS
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
6.6AI Score
0.0004EPSS
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
6.4AI Score
0.0004EPSS
CVE-2024-33996 moodle: broken access control when setting calendar event type
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
6.3AI Score
0.0004EPSS