Exploiting BLURtooth [CVE-2020-15802] on a Pixel 6
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.2AI Score
0.001EPSS
[Out of Bounds Write in read_attr_value Function in gatt_db.cc in Bluetooth]
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.8AI Score
0.001EPSS
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.7AI Score
0.0004EPSS
[OOB write in L2CAP Bluetooth stack]
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.001EPSS
Rosario Student Information System Unauthenticated SQL Injection
An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear...
9.8CVSS
9.9AI Score
0.044EPSS
cockpit bug fix and enhancement update
An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
October System module has a Reflected XSS via X-October-Request-Handler Header
Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...
3.1CVSS
6.4AI Score
0.0004EPSS
October System module has an Open Redirect for Administrator Accounts
Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an open redirect outside the scope of the active host. This...
3.5CVSS
6.7AI Score
0.001EPSS
Health Service (Monitoring Host) Handle Count has exceeded the threshold
This article describes the nature of "Health Service (Monitoring Host) Handle Count has exceeded the threshold" alert and possible course of action if you see...
1.8AI Score
Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,.....
7.8CVSS
8.4AI Score
0.002EPSS
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....
8.8CVSS
6.3AI Score
0.0004EPSS
7.1AI Score
Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...
8.3CVSS
8.4AI Score
0.001EPSS
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
8.8CVSS
9.5AI Score
0.015EPSS
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.5AI Score
0.0004EPSS
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.4AI Score
0.0004EPSS
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.6AI Score
0.001EPSS
gnutls is vulnerable to Information Exposure. The vulnerability is due to differential response times to malformed ciphertexts versus correctly padded PKCS#1 v1.5 ciphertexts during RSA-PSK ClientKeyExchange. This behavior allows an remote attacker to perform a timing side-channel attack,...
7.5CVSS
7AI Score
0.008EPSS
Intel(R) Atom(R) Processors are vulnerable to information exposure through microarchitectural state after transient execution. The vulnerability is due to certain register files, which, when accessed by an authenticated user, may potentially enable information disclosure via local...
6.5CVSS
6AI Score
0.0004EPSS
github.com/hashicorp/go-retryablehttp is vulnerable to Information Disclosure . The vulnerability is due to improper sanitization of URLs when writing them to the log file, allowing an attacker to potentially access sensitive HTTP basic auth...
6CVSS
6.4AI Score
0.0004EPSS
Malicious code in co-pilot-auth_web (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d490be43502540c62a740310c0ab3d38a35220e7b32f029a0c7e79e191104015) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to...
5.4CVSS
6.5AI Score
0.001EPSS
7.4AI Score
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection...
7.2AI Score
Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions (CVE-2023-44487, CVE-2024-25026) and two instances of weaker than expected security (CVE-2023-50312, CVE-2023-46158) due to WebSphere Application Server Liberty. WebSphere Application Server...
9.8CVSS
7.8AI Score
0.732EPSS
7.4AI Score
SonarQube is vulnerable to exposure of encrypted values in cleartext. The vulnerability is due to encrypted values generated using the Settings Encryption feature being exposed in URL parameters in logs, allowing attackers with access to SonarQube logs or proxy logs to view sensitive...
4.9CVSS
6.5AI Score
0.0004EPSS
Quarkus-core is vulnerable to Information Exposure. The vulnerability is due to the capture of local environment variables from the Quarkus namespace during the build process, leading to applications inheriting potentially sensitive or test-specific settings at...
7CVSS
6.8AI Score
0.0004EPSS
Malicious code in scm-design-system-cra (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a41692a79d6b73b049dbff75d56c8a18218a4878d024ef4c0da7b19b16ebab3a) The OpenSSF Package Analysis project identified 'scm-design-system-cra' @ 0.1.1 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
moodle/moodle is vulnerable to Information Disclosure. The vulnerability is caused due to the cURL wrapper in Moodle failing to clear HTTP authorization headers when following redirects, potentially exposing sensitive authentication information to unintended...
6.6AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server...
7.2CVSS
7.6AI Score
0.001EPSS
github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability is due to the output of cilium-bugtool containing sensitive data when the tool is run with the --envoy-dump flag in deployments where the Envoy proxy is enabled. Attackers who gain access to this output could...
7.9CVSS
6.8AI Score
0.0004EPSS
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.5AI Score
0.001EPSS
org.elasticsearch.plugin: x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...
6.5CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
0.0004EPSS
zsa is vulnerable to Information Exposure Through Error Message. The vulnerability is due to the application transferring the parse error stack from the server to the client in production build mode, potentially revealing sensitive server...
4CVSS
6.5AI Score
0.0004EPSS
xen is vulnerable to Information Disclosure. Under specific micro architectural circumstances, an attacker is able to potentially access sensitive user...
5.5CVSS
6.7AI Score
0.001EPSS
xen is vulnerable to Information Disclosure. This vulnerability occurs when an attacker can influence the return address prediction of a victim's process which could allow the attacker to gain access to sensitive information in the victim's...
4.7CVSS
6.7AI Score
0.0004EPSS
Firefox is vulnerable to Information Exposure. The vulnerability is due to error messages generated during importing resources using Web Workers, distinguish the difference between application/javascript responses and non-script responses. This can be abused to learn information...
6.7AI Score
0.0004EPSS
KeyCloak - Information Exposure
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...
6.5CVSS
6.4AI Score
0.117EPSS
Firefox is vulnerable to Information Exposure. The vulnerability is caused due to IndexedDB files are not properly deleted when the window was closed when browser.privatebrowsing.autostart preference is enabled. This preference is disabled by default in...
6.9AI Score
0.0004EPSS
Sensitive Information Disclosure
urllib3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the Proxy-Authorization header, which is not removed on cross-origin redirects, which could allow an attacker to expose sensntive authentication material to unintended hosts. Note that this.....
4.4CVSS
4.7AI Score
0.0004EPSS
sanitize-html is vulnerable to Information Exposure. The vulnerability is due to the parsing of CSS through the style attribute without disabling source maps, which can allow attackers to infer the file system structure and dependencies of the...
5.3CVSS
6.7AI Score
0.0004EPSS
xen is vulnerable to Information Disclosure. The vulnerability exists due to a division-by-zero error on some AMD processors which allows an attacker to gain access to speculative...
5.5CVSS
6.8AI Score
0.001EPSS
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor...
7.5CVSS
7.3AI Score
0.001EPSS
Sensitive Information Disclosure
github.com/rancher/rke is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to insecure cluster state storage in a publicly accessible configmap called full-cluster-state inside the kube-system namespace, which allows an attacker without administrative privileges to...
6.5AI Score
EPSS
7.5CVSS
7.9AI Score
0.005EPSS
Malicious code in nespresso-design-system (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e4df4d16cd100a965fef42c58150e9688849a5acfa8de2f809b3ed66f5ef9f29) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score