Spectrum Power™ 5 Security Vulnerabilities
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in...
EPSS
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in...
7.1AI Score
EPSS
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...
5.3CVSS
6.3AI Score
0.002EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
CVE-2023-25761 affecting package junit 4.13-5
CVE-2023-25761 affecting package junit 4.13-5. No patch is available...
5.4CVSS
7.5AI Score
0.001EPSS
CVE-2024-27304 affecting package telegraf for versions less than 1.28.5-5
CVE-2024-27304 affecting package telegraf for versions less than 1.28.5-5. A patched version of the package is...
9.8CVSS
9.6AI Score
0.0004EPSS
CVE-2023-22466 affecting package netavark 1.0.3-5
CVE-2023-22466 affecting package netavark 1.0.3-5. This CVE either no longer is or was never...
5.4CVSS
5.9AI Score
0.001EPSS
CVE-2022-34176 affecting package junit 4.13-5
CVE-2022-34176 affecting package junit 4.13-5. No patch is available...
5.4CVSS
5.9AI Score
0.001EPSS
CVE-2022-28506 affecting package giflib 5.2.1-5
CVE-2022-28506 affecting package giflib 5.2.1-5. This CVE either no longer is or was never...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5CVSS
7.8AI Score
0.003EPSS
CVE-2020-8908 affecting package guava 25.0-5
CVE-2020-8908 affecting package guava 25.0-5. This CVE either no longer is or was never...
3.3CVSS
6.7AI Score
0.001EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5CVSS
7.8AI Score
0.003EPSS
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.2AI Score
0.007EPSS
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2022-45380 affecting package junit 4.13-5
CVE-2022-45380 affecting package junit 4.13-5. No patch is available...
5.4CVSS
5.9AI Score
0.001EPSS
CVE-2021-3716 affecting package nbdkit 1.20.7-5
CVE-2021-3716 affecting package nbdkit 1.20.7-5. This CVE either no longer is or was never...
3.1CVSS
7.5AI Score
0.001EPSS
CVE-2010-4226 affecting package cpio 2.13-5
CVE-2010-4226 affecting package cpio 2.13-5. This CVE either no longer is or was never...
6.8AI Score
0.003EPSS
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.004EPSS
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2023-25136 affecting package openssh 8.9p1-5
CVE-2023-25136 affecting package openssh 8.9p1-5. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.009EPSS
CVE-2022-2989 affecting package podman 4.1.1-5
CVE-2022-2989 affecting package podman 4.1.1-5. This CVE either no longer is or was never...
7.1CVSS
7.8AI Score
0.0005EPSS
CVE-2019-25051 affecting package aspell 0.60.8-5
CVE-2019-25051 affecting package aspell 0.60.8-5. This CVE either no longer is or was never...
7.8CVSS
7.7AI Score
0.001EPSS
CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5
CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2022-30699 affecting package unbound 1.10.0-5
CVE-2022-30699 affecting package unbound 1.10.0-5. No patch is available...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-30698 affecting package unbound 1.10.0-5
CVE-2022-30698 affecting package unbound 1.10.0-5. No patch is available...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-4904 affecting package python-gevent 1.3.6-5
CVE-2022-4904 affecting package python-gevent 1.3.6-5. No patch is available...
8.6CVSS
9.5AI Score
0.001EPSS
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never...
7.5CVSS
8.4AI Score
0.004EPSS
CVE-2018-25078 affecting package man-db 2.8.4-5
CVE-2018-25078 affecting package man-db 2.8.4-5. This CVE either no longer is or was never...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...
7.5CVSS
8.8AI Score
0.732EPSS
CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5
CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...
5.3CVSS
5.7AI Score
0.002EPSS
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
Remote Code Execution (RCE) vulnerability in geoserver
Summary Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls...
9.8CVSS
8AI Score
EPSS
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed.....
5.5CVSS
6.9AI Score
0.026EPSS
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Impact If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is....
7.5CVSS
7.2AI Score
EPSS
Upcoming Book on AI and Democracy
If you've been reading my blog, you've noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that we're writing a book on the topic. This isn't a book about deep fakes, or misinformation. This is a book about what happens when...
7.3AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related...
5.9CVSS
7.5AI Score
0.001EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could...
5.4CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of...
5.4CVSS
5.4AI Score
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in.....
5.4CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in.....
5.4CVSS
5.7AI Score
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental...
5.4CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of...
5.4CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental...
5.4CVSS
5.5AI Score
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could...
5.4CVSS
5.6AI Score
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST...
4.3CVSS
4.8AI Score
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST...
4.3CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance...
7.1CVSS
EPSS
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk....
6.5CVSS
6.4AI Score
EPSS