5574 matches found

Positive Technologies
added 2024/07/08 12:0 a.m. · 4 views

PT-2024-28656 · Ibm · Ibm Mq Operator

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 Description: The issue allows a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Recommendations: For IBM MQ Operator version 2.0.24,...

CVSS 9.8 · AI score 6.7 · EPSS 0.00763
Exploits: 0 · References: 9

Positive Technologies
added 2024/07/08 12:0 a.m. · 3 views

PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 IBM MQ Container Developer Edition affected versions not specified Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...

CVSS 7.5 · AI score 6.5 · EPSS 0.00587
Exploits: 0 · References: 7

Vulnrichment
added 2024/07/06 5:48 p.m. · 18 views

CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...

CVSS 5.8 · AI score 6.4 · EPSS 0.02475
Exploits: 1 · References: 2

Cvelist
added 2024/07/06 5:48 p.m. · 31 views

CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...

CVSS 5.8 · EPSS 0.02475
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/06 12:0 a.m. · 6 views

PT-2024-37382 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the...

CVSS 5.8 · AI score 5.7 · EPSS 0.02475
Exploits: 1 · References: 9

Microsoft CVE
added 2024/06/30 2:0 p.m. · 6 views

net: tls: fix use-after-free with partial reads and async decrypt

...

CVSS 7.8 · AI score 6.9 · EPSS 0.00256
Exploits: 0

Positive Technologies
added 2024/06/28 12:0 a.m. · 3 views

PT-2024-27873 · Concept Intermedia · S@M Cms

Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia affected versions not specified Description: The issue concerns a Reflected XSS vulnerability that can be exploited by including scripts in requested file names. It is noted that only a part of the observed services...

CVSS 6.1 · AI score 6.1 · EPSS 0.00294
Exploits: 0 · References: 3

OSV
added 2024/06/25 1:50 p.m. · 5 views

MAL-2024-6825 Malicious code in chef-partial-search (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/06/25 1:50 p.m. · 6 views

Malicious code in chef-partial-search (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0 · References: 1

RedHat Linux
added 2024/06/25 7:8 a.m. · 4 views

graalvm: unauthorized ability to cause a partial denial of service

A vulnerability was found in GraalVM and Mandrel Community Edition. Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS)...

CVSS 3.7 · AI score 7.1 · EPSS 0.00564
Exploits: 0 · References: 5

RedHat Linux
added 2024/06/25 6:25 a.m. · 6 views

graalvm: unauthorized ability to cause a partial denial of service

A vulnerability was found in GraalVM and Mandrel Community Edition. Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS)...

CVSS 3.7 · AI score 7.1 · EPSS 0.00564
Exploits: 0 · References: 5

Tenable Nessus
added 2024/06/25 12:0 a.m. · 26 views

RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...

CVSS 3.7 · AI score 6.5 · EPSS 0.00564
Exploits: 0 · References: 7

Vulnrichment
added 2024/06/15 3:18 a.m. · 16 views

CVE-2024-6000 FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'displayticketthemespage' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...

CVSS 7.1 · AI score 7.7 · EPSS 0.00506
Exploits: 0 · References: 2

OSV
added 2024/06/06 4:15 a.m. · 2 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 · AI score 5.8 · EPSS 0.00452
Exploits: 0 · References: 3

OSV
added 2024/06/04 3:19 p.m. · 18 views

GO-2024-2716 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb...

CVSS 4.3 · AI score 3.2 · EPSS 0.00578
Exploits: 0 · References: 4

Tenable Nessus
added 2024/06/03 12:0 a.m. · 11 views

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...

CVSS 9.6 · AI score 5.6 · EPSS 0.16181
Exploits: 4 · References: 43

OSV
added 2024/05/31 11:8 a.m. · 8 views

OESA-2024-1674 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22;...

CVSS 3.7 · AI score 5.4 · EPSS 0.01361
Exploits: 0 · References: 5

Tenable Nessus
added 2024/05/31 12:0 a.m. · 31 views

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

CVSS 7.1 · AI score 6.3 · EPSS 0.14839
Exploits: 0 · References: 22

Veracode
added 2024/05/30 6:18 a.m. · 16 views

Partial Password Leakage

ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the password...

CVSS 2.3 · AI score 7.2 · EPSS 0.00275
Exploits: 1 · References: 5 · Affected Software: 1

Amazon
added 2024/05/30 12:0 a.m. · 4 views

Important: java-11-openjdk

Issue Overview: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows...

CVSS 7.1 · AI score 6.2 · EPSS 0.14839
Exploits: 0