libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) libssh: Missing checks for return values for digests...
5.3CVSS
7AI Score
0.001EPSS
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...
7.5CVSS
6.5AI Score
0.001EPSS
Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.1CVSS
7.2AI Score
0.0004EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
8.1CVSS
6.8AI Score
0.009EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7.8CVSS
6.5AI Score
0.001EPSS
Moderate: libX11 security update
The libX11 packages contain the core X11 protocol client library. Security Fix(es): libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785) libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786) libX11: integer overflow in XCreateImage() leading to a...
7.8CVSS
7AI Score
0.0004EPSS
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...
7.5CVSS
6.4AI Score
0.001EPSS
Moderate: motif security update
The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM...
5.5CVSS
6.2AI Score
0.0004EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
8.1CVSS
6.7AI Score
0.009EPSS
Moderate: mutt security update
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...
6.5CVSS
6.4AI Score
0.001EPSS
Moderate: mutt security update
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...
6.5CVSS
6.5AI Score
0.001EPSS
s-graphi.co.jp Improper Access Control vulnerability OBB-3844161
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): openssh: scp allows command injection when using backtick characters in the destination...
7.8CVSS
7.1AI Score
0.004EPSS
Important: pmix security update
The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...
8.1CVSS
6.5AI Score
0.001EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7.8CVSS
6.6AI Score
0.001EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct...
4.3CVSS
4.7AI Score
0.0004EPSS
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
6.1CVSS
6.4AI Score
0.001EPSS
s-prize-sakura.jp Improper Access Control vulnerability OBB-3845564
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
5.3CVSS
5.8AI Score
0.0004EPSS
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
An update is available for 389-ds-base, module.389-ds-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 (LDAPv3)...
5.5CVSS
6.9AI Score
0.0004EPSS
An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of.....
7AI Score
0.0004EPSS
Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....
8.7CVSS
8.6AI Score
0.001EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
(RHSA-2024:3299) Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
6.9AI Score
0.0005EPSS
K000139810: Oracle Java vulnerability CVE-2024-20919
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....
5.9CVSS
5.9AI Score
0.0005EPSS
K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...
5.3CVSS
7.2AI Score
0.0004EPSS
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the.....
6.5CVSS
7.3AI Score
0.0004EPSS
Moodle broken access control when setting calendar event type
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
6.3AI Score
0.0004EPSS
Moderate: libX11 security update
The libX11 packages contain the core X11 protocol client library. Security Fix(es): libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785) libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786) libX11: integer overflow in XCreateImage() leading to a...
7.8CVSS
7.2AI Score
0.0004EPSS
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)...
7.8CVSS
6.7AI Score
0.0005EPSS
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)...
7.8CVSS
6.8AI Score
0.0005EPSS
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) libssh: Missing checks for return values for digests...
5.3CVSS
6.8AI Score
0.001EPSS
Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
6.8AI Score
0.0005EPSS
Moderate: motif security update
The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM...
5.5CVSS
6.4AI Score
0.0004EPSS
(RHSA-2024:3318) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) For more details about the security issue(s), including the impact, a CVSS score,...
6.7AI Score
0.011EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory.....
5.9CVSS
6.2AI Score
0.0004EPSS
K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...
5.3CVSS
7.1AI Score
0.0004EPSS
Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions TSAMP...
7.5CVSS
6.8AI Score
0.001EPSS
Moodle Logout CSRF in admin/tool/mfa/auth.php
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via...
6.4AI Score
0.0004EPSS
Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2019-10086 DESCRIPTION:...
7.3CVSS
8.2AI Score
0.973EPSS
typo3/cms is vulnerable to Denial of Service (DoS). The vulnerability is caused by allowing an excessively high maximum result limit in TYPO3's Indexed Search component. This flaw potentially enables attackers to execute a Denial of Service (DoS)...
7.2AI Score
Moodle Improper Input Validation
Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used...
6.5AI Score
0.0004EPSS
An update is available for booth. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...
7.4CVSS
7.2AI Score
0.001EPSS
An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...
7.8CVSS
7.8AI Score
0.0005EPSS
Check point:CVE-2024-24919 ...
8.6CVSS
6.5AI Score
0.945EPSS
s-daniele.it Improper Access Control vulnerability OBB-3844136
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to...
7CVSS
7.2AI Score
0.0004EPSS
Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...
4.3CVSS
7.1AI Score
0.001EPSS