7.5AI Score
7.5AI Score
7.2AI Score
EPSS
5.3CVSS
6AI Score
0.001EPSS
CVE-2022-1941 affecting package protobuf 3.17.3-2
CVE-2022-1941 affecting package protobuf 3.17.3-2. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2021-22570 affecting package protobuf 3.14.0-1
CVE-2021-22570 affecting package protobuf 3.14.0-1. No patch is available...
6.5CVSS
7AI Score
0.0004EPSS
CVE-2022-1941 affecting package protobuf 3.14.0-1
CVE-2022-1941 affecting package protobuf 3.14.0-1. No patch is available...
7.5CVSS
9.9AI Score
0.002EPSS
RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
8.3CVSS
6.1AI Score
0.0004EPSS
RHEL 9 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built...
2.7CVSS
4.6AI Score
0.0004EPSS
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
9.8CVSS
10AI Score
EPSS
7.1AI Score
7.1AI Score
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to.....
7AI Score
0.0004EPSS
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...
8.5AI Score
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
9.9AI Score
0.019EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to.....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to.....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to.....
6.6AI Score
0.0004EPSS
CVE-2024-38549 drm/mediatek: Add 0 size check to mtk_drm_gem_obj
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to.....
0.0004EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...
9.8CVSS
10.1AI Score
EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.2CVSS
9.7AI Score
EPSS
software: emacs 28.1 WASP: ROSA-CHROME package_evr_string: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir...
9.8CVSS
7.9AI Score
0.002EPSS
container-tools:rhel8 security update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...
8.6CVSS
6AI Score
0.002EPSS
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...
8.6CVSS
5.6AI Score
0.002EPSS
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....
8.6CVSS
6AI Score
0.002EPSS
AlmaLinux 9 : ruby (ALSA-2024:3838)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...
8.8CVSS
7.8AI Score
EPSS
A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized...
7.5CVSS
6.7AI Score
0.002EPSS
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>
5.3CVSS
6.7AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
6.7AI Score
0.0004EPSS
RHEL 9 : ruby (RHSA-2024:3838)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
8.8CVSS
8.1AI Score
EPSS
RHEL 8 : protobuf-c (RHSA-2024:3812)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fix(es): * protobuf-c: unsigned integer overflow in...
5.5CVSS
7AI Score
0.0004EPSS
Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0). (AlmaLinux-35740) Security Fix(es): ruby/cgi-gem: HTTP response.....
8.8CVSS
7AI Score
EPSS
Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0). (AlmaLinux-35740) Security Fix(es): ruby/cgi-gem: HTTP response.....
8.8CVSS
9AI Score
EPSS
Fedora: Security Advisory for qt6-qtgrpc (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.001EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.001EPSS
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2024:3636)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3636 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...
7.5CVSS
7.6AI Score
0.963EPSS
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:3635)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3635 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...
7.5CVSS
7.6AI Score
0.963EPSS
RHEL 8 : Red Hat Product OCP Tools 4.14 OpenShift Jenkins (RHSA-2024:3634)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3634 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...
7.5CVSS
6.8AI Score
0.963EPSS
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...
6.1CVSS
6.5AI Score
0.0005EPSS
RHEL 9 : grafana (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grafana: session control failure may lead to information disclosure (CVE-2022-32275) protobufjs:...
9.8CVSS
7.3AI Score
0.007EPSS
RHEL 7 : servicemesh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) Note that Nessus has not...
8.6CVSS
9.1AI Score
0.008EPSS
RHEL 6 : rubygems (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. RubyGems: Specially-crafted Gem archive can overwrite system files (CVE-2007-0469) rubygems: Improper...
7.5CVSS
7.5AI Score
0.022EPSS
RHEL 9 : protobuf-c (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. protobuf-c: invalid arithmetic shift via the function parse_tag_and_wiretype may lead to DoS (CVE-2022-33070) ...
5.5CVSS
6.6AI Score
0.001EPSS
RHEL 8 : protobuf-c (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. protobuf-c: invalid arithmetic shift via the function parse_tag_and_wiretype may lead to DoS (CVE-2022-33070) ...
5.5CVSS
9.5AI Score
0.001EPSS
RHEL 6 : jruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073) Note that Nessus...
7.5CVSS
7.3AI Score
0.006EPSS
RHEL 6 : rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rubygem-bundler: Code execution via gem name collision in bundler (CVE-2016-7954) Note that Nessus has not tested...
9.8CVSS
9.7AI Score
0.009EPSS
RHEL 7 : rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rubygem-bundler: Code execution via gem name collision in bundler (CVE-2016-7954) Note that Nessus has not tested...
9.8CVSS
9.7AI Score
0.009EPSS