21277 matches found

IBM Security Bulletins
added 2025/04/15 2:17 a.m., 78 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions,...

9.8 CVSS, 9.7 AI score, 0.93305 EPSS
Exploits: 8, Affected Software: 2

IBM Security Bulletins
added 2025/04/15 2:16 a.m., 42 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-38263 DESCRIPTION: IBM SOAR QRadar Plugin App could allow an...

9.8 CVSS, 7.6 AI score, 0.01207 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:13 a.m., 14 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java (PF4J). This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40828 DESCRIPTION: Plugin Framework for Java (PF4J) coul...

7.5 CVSS, 7.9 AI score, 0.01492 EPSS
Exploits: 2, Affected Software: 1

Packet Storm News
added 2025/04/15 12:0 a.m., 5 views

Measuring Computational Universality of Fully Homomorphic Encryption

Many real-world applications, such as machine learning and graph analytics, involve combinations of linear and non-linear operations. As these applications increasingly handle sensitive data, there is a significant demand for privacy-preserving computation techniques capable of efficiently...

6.8 AI score
Exploits: 0

Packet Storm News
added 2025/04/15 12:0 a.m., 4 views

Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction

The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks (ASCAs), as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art (SOTA) models for ASCAs, including...

6.5 AI score
Exploits: 0

Packet Storm News
added 2025/04/15 12:0 a.m., 3 views

The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections

A Large Language Model (LLM) powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces (GUIs) of relevant apps, often visually, inferring necessary sequenc...

6.8 AI score
Exploits: 0

OSV
added 2025/04/14 11:3 a.m., 7 views

BIT-GIT-2024-52005 The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

8.8 CVSS, 8.3 AI score, 0.00494 EPSS
Exploits: 1, References: 3

OSV
added 2025/04/14 11:3 a.m., 15 views

BIT-GIT-2024-50349 Git does not sanitize URLs when asking for credentials interactively

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for whic...

4.7 CVSS, 6.6 AI score, 0.00643 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2025/04/14 12:0 a.m., 6 views

The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE allow attackers to execute arbitrary code.

The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE are related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote...

6.5 CVSS, 5.9 AI score, 0.00751 EPSS
Exploits: 0, References: 2, Affected Software: 3

Rosalinux
added 2025/04/11 9:49 p.m., 35 views

Advisory ROSA-SA-2025-2804

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mod_macro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...

9.8 CVSS, 8.2 AI score, 0.99957 EPSS
Exploits: 2

SUSE CVE
added 2025/04/11 9:55 a.m., 5 views

SUSE CVE-2012-0419

Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request...

5 CVSS, 7 AI score, 0.41841 EPSS
Exploits: 4, References: 4

OpenVAS
added 2025/04/11 12:0 a.m., 7 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1355)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.3 AI score, 0.01019 EPSS
Exploits: 1, References: 2

OpenVAS
added 2025/04/11 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1356)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.3 AI score, 0.01019 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/04/11 12:0 a.m., 10 views

EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1356)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...

9.3 CVSS, 7.7 AI score, 0.10047 EPSS
Exploits: 3, References: 4

Tenable Nessus
added 2025/04/11 12:0 a.m., 20 views

EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1355)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...

9.3 CVSS, 7.7 AI score, 0.10047 EPSS
Exploits: 3, References: 4

IBM Security Bulletins
added 2025/04/10 10:11 a.m., 24 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info, setuptools-39.2.0.dist-info which is vulnerable to CVE-2019-20916, CVE-2023-43804, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...

8.8 CVSS, 7.6 AI score, 0.03028 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/04/10 7:49 a.m., 30 views

Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB, Python, Samba, OpenSSL and cURL libcurl affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in libcurl, MongoDB, Python, Samba, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing...

8 CVSS, 9.5 AI score, 0.00979 EPSS
Exploits: 0, Affected Software: 1

Hacker One
added 2025/04/09 9:5 p.m., 9 views

Brave Software: Prompt Injection via GitHub Patch in Brave AI Chat (Leo)

Component: Brave AI Chat brave-core/components/aichat/ Severity: High Confirmed ability to override AI instructions and persona via fetched content Vulnerability Summary The Brave AI Chat feature allows fetching .patch files from GitHub pull request pages to use as context. A combination of...

7.2 AI score
Exploits: 0

IBM Security Bulletins
added 2025/04/09 1:14 p.m., 10 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

5.8 CVSS, 7.1 AI score, 0.10608 EPSS
Exploits: 1, Affected Software: 1

Veracode
added 2025/04/09 4:0 a.m., 4 views

Path Traversal

go.rgst.io/stencil/v2 is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths during archive extraction, which allows directory traversal sequences like ../ to write files outside the intended extraction directory...

7 AI score
Exploits: 0