Moderate: opencryptoki security update
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...
CVSS 5.9 | AI Score 7.2 | EPSS 0.001
RHEL 8 : opencryptoki (RHSA-2024:1608)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1608 advisory. The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...
CVSS 5.9 | AI Score 5.7 | EPSS 0.001
CVSS 6.5 | AI Score 7
Moderate: opencryptoki security update
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...
CVSS 5.9 | AI Score 7.1 | EPSS 0.001
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update
root@ubuntu:~/xz/# apt install -y...
CVSS 10 | AI Score 9.6 | EPSS 0.133
CVSS 8.8 | AI Score 7 | EPSS 0.006
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray...
CVSS 9.8 | AI Score 7.9 | EPSS 0.014
CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the admin_page function. This makes it possible for unauthenticated attackers to delete or duplicate existing audio or video players via a forged request granted they can trick a site....
AI Score 6.7
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in python-requests, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin [CVE-2023-32681]. python-requests is used as a....
CVSS 6.1 | AI Score 6 | EPSS 0.002
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in urllib3, caused by a flaw in which the HTTP request body is not removed when following an HTTP redirect response with status 303 [CVE-2023-45803]. urllib3 is used as a component of our Speech runtimes.....
CVSS 4.2 | AI Score 5.8 | EPSS 0.0004
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by potential sensitive information exposure in urllib3, caused by a flaw with cookie request header not stripped during cross-origin redirects. [CVE-2023-43804]. urllib3 is used as a component of our Speech...
CVSS 8.1 | AI Score 5.9 | EPSS 0.001
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak [CVE-2024-21626]. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...
CVSS 8.6 | AI Score 6.6 | EPSS 0.051
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog, caused by improper bounds checking by the TCP syslog server (receiver) components [CVE-2022-24903]. Rsyslog is used as a component of our Speech runtimes. This...
CVSS 8.1 | AI Score 8.3 | EPSS 0.107
Summary IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189) by upgrading to a non-vulnerable version. Vulnerability Details CVEID: CVE-2017-20189 DESCRIPTION: Clojure could allow a remote authenticated attacker...
CVSS 9.8 | AI Score 7.4 | EPSS 0.001
Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2017-11468 DESCRIPTION:...
CVSS 9.8 | AI Score 8.9 | EPSS 0.963
Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status
Description The plugin does not sanitise and escape the post_status parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVSS 7.1 | AI Score 6.3 | EPSS 0.0004
AI Score 7.4 | EPSS 0.0004
AI Score 7.1 | EPSS 0.0004
Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...
CVSS 4.3 | AI Score 6.8 | EPSS 0.0004
Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...
CVSS 4.3 | AI Score 4.7 | EPSS 0.0004
Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...
CVSS 4.3 | AI Score 5 | EPSS 0.0004
AI Score 7.4 | EPSS 0.0004
AI Score 7
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228-POC exploit CVE-2021-44228 ...
CVSS 10 | AI Score 10 | EPSS 0.976
Cisco IOS XR Software SSH Privilege Escalation (cisco-sa-iosxr-ssh-privesc-eWDMKew3)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated,...
CVSS 7.8 | AI Score 6.9 | EPSS 0.0004
Summary OpenTelemetry go module is used by IBM Cloud Pak for Data Scheduling as part of the scheduler binaries. CVE-2023-45142, CVE-2023-47108. Vulnerability Details CVEID: CVE-2023-45142 DESCRIPTION: OpenTelemetry OpenTelemetry-Go Contrib is vulnerable to a denial of service, caused by an...
CVSS 7.5 | AI Score 6.9 | EPSS 0.001
Summary Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details CVEID: CVE-2023-5528 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system,...
CVSS 8.8 | AI Score 7 | EPSS 0.001
Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling as part of the build process for the scheduler binaries. CVE-2023-39325. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource...
CVSS 7.5 | AI Score 7 | EPSS 0.002
Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in...
CVSS 7.5 | AI Score 8.6 | EPSS 0.732
CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster...
CVSS 10 | AI Score 8.3 | EPSS 0.002
(RHSA-2024:1411) Moderate: opencryptoki security update
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...
AI Score 7.2 | EPSS 0.001
AI Score 6.9
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545: Curl Vulnerability Proof of Concept This...
CVSS 9.8 | AI Score 7.4 | EPSS 0.003
RHEL 8 : opencryptoki (RHSA-2024:1411)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1411 advisory. The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...
CVSS 5.9 | AI Score 5.7 | EPSS 0.001
Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID: CVE-2023-39320 DESCRIPTION: Golang Go could allow a...
CVSS 9.8 | AI Score 8.7 | EPSS 0.001
Summary Ansible-operator and opm are used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduling-operator and ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities....
CVSS 9.8 | AI Score 9.5 | EPSS 0.005
Debian dla-3766 : libnvpair1linux - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3766 advisory. An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to...
CVSS 7.5 | AI Score 6.8 | EPSS 0.002
Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.
Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID: CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could...
CVSS 8.4 | AI Score 6.7 | EPSS 0.0004
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
CVSS 7.8 | AI Score 7 | EPSS 0.0004
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
Cisco IOS XR Software SSH Privilege Escalation Vulnerability
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
AI Score 7 | EPSS 0.0004
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...
CVSS 9.8 | AI Score 8.7 | EPSS 0.018
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...
CVSS 9.8 | AI Score 9.9 | EPSS 0.001
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...
CVSS 5.3 | AI Score 5.3 | EPSS 0.0005
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...
CVSS 5.3 | AI Score 7 | EPSS 0.0005
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...
CVSS 9.8 | AI Score 8.1 | EPSS 0.001
CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...
CVSS 9.8 | AI Score 10 | EPSS 0.001
CVE-2024-2412 Heimavista Rpage and Epage - Broken Access Control
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...
CVSS 5.3 | AI Score 5.7 | EPSS 0.0005