Lenovo Ibm Bladecenter Hs22, Hs22v, Hs23, Hs23e, Hx5 Earlier Than 66z Security Vulnerabilities
Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....
8.4AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...
6.8AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is...
6.5CVSS
5.3AI Score
0.001EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...
7.5CVSS
8.1AI Score
0.732EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources...
7.5CVSS
8.5AI Score
0.732EPSS
Summary IBM Event Streams is vulnerable to a Broken Access Control attack and Post Exploitation attacks due to the JetBrains Kotlin component. JetBrains Kotlin is used in event streams to simplify the development process with its concise syntax, enhance code safety with nullability features, and...
5.3CVSS
6.7AI Score
0.001EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details **...
5.4CVSS
5.5AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to a Broken Access Control due to the Node.js follow-redirects module. follow-redirects provides request and get methods that behave identically to those found on the native http and https modules. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:.....
6.5CVSS
6.1AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...
7.5CVSS
6.5AI Score
0.001EPSS
CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.3AI Score
0.0004EPSS
CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.3AI Score
0.0004EPSS
WikiLeaks' Julian Assange Released from U.K. Prison, Heads to Australia
WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information" in its history. Capping off a...
6.8AI Score
Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....
7.5CVSS
6.4AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxlr_pmem leaks Before this error path, cxlr_pmem pointed to a kzalloc() memory, free it to avoid this memory...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...
7.8CVSS
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following splat:.....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a...
4.7CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...
6.8AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list is not updated soon enough, and the DMA callback is triggered before that. This can lead to kernel.....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...
7.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnod...
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 XSS (7158662)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7158662 advisory. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
4.8CVSS
5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not...
7.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to.....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition i...
7.4AI Score
0.0004EPSS
MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod —...
7AI Score
0.0004EPSS
Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...
8.4CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug.....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...
7AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field() btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0004EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.4AI Score
0.001EPSS