CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2024/12/25 12:0 a.m.•2 views

PT-2024-28653 · Ibm · Ibm Engineering Lifecycle Optimization - Engineering Insights

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Engineering Insights versions 7.0.2 through 7.0.3 Description: The issue concerns the use of a web link with untrusted references to an external site, which could allow a remote attacker to expose...

9.8CVSS7AI score0.00208EPSS

Exploits0References6

CNNVD•added 2024/12/25 12:0 a.m.•1 views

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization - Engineering Insights ENI is a collaborative, Web-based application from IBM. An information disclosure vulnerability exists in IBM Engineering Lifecycle Optimization - Engineering Insights. The vulnerability is due to the fact that the affected version cou...

5.3CVSS6AI score0.00088EPSS

Qualys Blog•added 2024/12/12 5:48 p.m.•6 views

Qualys Performance Tuning Series: Remove Stale Compliance Data for the Best Performance

In our first post in the Performance Tuning Series, we talked about removing stale assets to improve performance. In this installment, we will address the benefits of removing data once it becomes stale. Why does data become stale? The IT environment of any enterprise is very dynamic, and more so...

7.2AI score

OSV•added 2024/12/12 8:10 a.m.•4 views

SUSE-SU-2024:4300-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Updated to 20.18.1: Experimental Network Inspection Support in Node.js Exposes X509VFLAGPARTIALCHAIN to tls.createSecureContext New...

8.7CVSS7.4AI score0.00067EPSS

Exploits0References3

BDU FSTEC•added 2024/11/29 12:0 a.m.•1 views

The vulnerability of the library for optimizing machine learning models in Intel Neural Compressor lies in the failure to take measures to neutralize special elements in the template creation mechanism. This allows attackers to enhance their privileges.

The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability can allow a remote attacker to enhance their privileges...

7CVSS5.5AI score0.00176EPSS

Positive Technologies•added 2024/11/22 12:0 a.m.•3 views

PT-2024-36892 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: A vulnerability in the Linux kernel has been resolved, specifically related to the LoongArch architecture and PREEMPT RT kernels. The issue arises from the replacement of normal spinlocks wit...

8.4CVSS6.7AI score0.02038EPSS

Exploits4References730

IBM Security Bulletins•added 2024/11/15 1:50 p.m.•13 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights ENI is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. In XML parsers, when XML...

8.2CVSS6.8AI score0.00086EPSS

Exploits0Affected Software1

CNNVD•added 2024/11/15 12:0 a.m.•0 views

IBM Engineering Lifecycle Optimization 代码问题漏洞

8.2CVSS6.8AI score0.00086EPSS

Oracle linux•added 2024/11/14 12:0 a.m.•29 views

python3.12 security update

3.12.5-2 - Security fix for CVE-2024-8088 Resolves: RHEL-55963 3.12.5-1 - Update to 3.12.5 - Security fix for CVE-2024-6923 Resolves: RHEL-53041 3.12.4-3 - Properly propagate the optimization flags to C extensions 3.12.4-2 - Build Python with -O3 -...

8.7CVSS6.9AI score0.01127EPSS

Oracle linux•added 2024/11/14 12:0 a.m.•27 views

python3.11 security update

3.11.9-7 - Security fix for CVE-2024-8088 Resolves: RHEL-55959 3.11.9-6 - Security fix for CVE-2024-6923 Resolves: RHEL-53038 3.11.9-5 - Properly propagate the optimization flags to C extensions 3.11.9-4 - Build Python with -O3 - https://fedoraproject.org/wiki/Changes/PythonbuiltwithgccO3 3.11.9-...

8.7CVSS7.9AI score0.01127EPSS

OSV•added 2024/11/11 2:15 p.m.•1 views

DEBIAN-CVE-2024-50263

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...

5.5CVSS5.9AI score0.00035EPSS

BDU FSTEC•added 2024/11/07 12:0 a.m.•2 views

The vulnerability of software for optimizing production processes in Location Intelligence, related to insufficiently secure data encryption, allows a intruder to gain unauthorized access to protected information.

The vulnerability of software for optimizing production processes in Location Intelligence is related to insufficiently secure data encryption. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

7.5CVSS5.4AI score0.00201EPSS

BDU FSTEC•added 2024/11/07 12:0 a.m.•1 views

The vulnerability of software solutions for optimizing production processes in Location Intelligence lies in the insufficient limitation on authentication attempts, allowing attackers to carry out attacks using brute-force methods.

The vulnerability of software for optimizing production processes in Location Intelligence is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows an attacker to carry out an attack using brute-force methods...

5.3CVSS5.4AI score0.00991EPSS

BDU FSTEC•added 2024/11/07 12:0 a.m.•1 views

The vulnerability of software for optimizing production processes in Location Intelligence, related to weak password requirements, allows attackers to gain access to confidential data.

The vulnerability of software for optimizing production processes in Location Intelligence is related to weak password requirements. Exploiting this vulnerability can allow attackers to access confidential data...

5.3CVSS5.5AI score0.00407EPSS

OSV•added 2024/11/01 3:15 p.m.•3 views

CVE-2024-48044

Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3...

8.8CVSS5.8AI score0.00244EPSS

The Hacker News•added 2024/10/29 11:0 a.m.•17 views

A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: "When you have eliminated the impossible, whatever remains, however improbable, must be the truth." Rather tha...

7.1AI score