Image Builder security, bug fix, and enhancement update
cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream...
CVSS: 7.5
AI Score: 0.1
EPSS: 0.002
Oracle Linux 9 : Image / Builder (ELSA-2022-7950)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a...
CVSS: 7.5
AI Score: 7.5
EPSS: 0.002
WordPress Newspaper < 12 - Cross-Site Scripting
WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The theme does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...
CVSS: 6.1
AI Score: 6
EPSS: 0.001
Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....
CVSS: 7.5
AI Score: 7.7
EPSS: 0.002
(RHSA-2022:7950) Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....
AI Score: 7.8
EPSS: 0.002
Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....
CVSS: 7.5
AI Score: 7.8
EPSS: 0.002
Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....
CVSS: 7.5
AI Score: 7.7
EPSS: 0.002
Description of the security update for SharePoint Foundation 2013: November 8, 2022 (KB5002303)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
CVSS: 8.8
AI Score: 8.9
EPSS: 0.013
Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...
CVSS: 8.8
AI Score: 8.3
EPSS: 0.022
Unauthenticated stored XSS via username & name parameters
There is a stored XSS vulnerability due to improper sanitization of usernames. Vulnerable code User.php line 532: ```php public function isValidLogin(string $login): bool { $login = (string)$login; if (strlen($login) < $this->loginMinLength || !preg_match($this->validUsername,...
AI Score: -0.6
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....
CVSS: 4.4
EPSS: 0.0004
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....
CVSS: 4.4
AI Score: 4.6
EPSS: 0.0004
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address. PoC: Run the below command in the developer console of the web browser while being on the blog as an...
CVSS: 9.8
AI Score: 2.3
EPSS: 0.003
WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan (Techlab Corporation) in WordPress tagDiv Composer plugin (versions < 3.5). Solution: Update the WordPress tagDiv Composer plugin to the latest available version (at least...
CVSS: 9.8
AI Score: 3.2
EPSS: 0.003
zoneminder is vulnerable to cross-site scripting. The vulnerability is possible by backing out of the current "tr" "td" brackets which allows an attacker to inject and execute code that will execute when a user views the specific log on the "view=log"...
CVSS: 5.4
AI Score: 5.6
EPSS: 0.001
Member Hero <=1.0.9 - Remote Code Execution
WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...
CVSS: 9.8
AI Score: 10
EPSS: 0.284
espace-evasion-delmoly.com Cross Site Scripting vulnerability OBB-2998933
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
espace-couture.fr Cross Site Scripting vulnerability OBB-2990906
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
CVSS: 8.8
AI Score: 9.1
EPSS: 0.013
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
CVSS: 7.6
AI Score: 5.3
EPSS: 0.001
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
CVSS: 7.6
AI Score: 5.5
EPSS: 0.001