Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details ** CVEID: CVE-2023-48795 DESCRIPTION: **OpenSSH is vulnerable to a...
5.9CVSS
6.4AI Score
0.963EPSS
malicious container creates symlink "mtab" on the host External
Impact A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. A workload built from this Dockerfile: ``` FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM...
8.1CVSS
6.7AI Score
0.0004EPSS
(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty
CVE-2024-31497 POC This vulnerability exploits the biased...
5.9CVSS
5.6AI Score
0.002EPSS
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2017-15708 DESCRIPTION:...
9.8CVSS
10AI Score
0.967EPSS
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....
9.1CVSS
7.7AI Score
0.004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
5.3CVSS
5.7AI Score
0.0004EPSS
Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details ** CVEID:...
7.4CVSS
7.1AI Score
0.001EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-48795
Summary This affects the BMC's secure shell (SSH) interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection...
5.9CVSS
7AI Score
0.963EPSS
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
7.5CVSS
6.8AI Score
0.002EPSS
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
6.9AI Score
0.0004EPSS
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
7.4AI Score
0.0004EPSS
(RHSA-2024:3303) Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
6.9AI Score
0.0005EPSS
F5 Enterprise Manager - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927
F5 Networks Enterprise Manager is prone to a remote code execution (RCE)...
6.5AI Score
0.099EPSS
Multiple F5 Networks Products are prone to a remote code execution (RCE)...
6.5AI Score
0.099EPSS
Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)
Summary IBM QRadar SIEM is vulnerable to AJP Smuggling to Response Queue Poisoning. This vulnerability has been addressed in the update. Vulnerability Details ** CVEID: CVE-2022-26377 DESCRIPTION: **Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent...
7.5CVSS
8.5AI Score
0.006EPSS
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): grub2:...
7.8CVSS
6.9AI Score
0.001EPSS
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
6.5CVSS
5.9AI Score
0.016EPSS
VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows...
1.8AI Score
(RHSA-2024:3318) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) For more details about the security issue(s), including the impact, a CVSS score,...
6.7AI Score
0.002EPSS
(RHSA-2024:3319) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086) kernel: hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982) For more...
6.8AI Score
0.002EPSS
K000139525: Libexpat vulnerability CVE-2022-43680
Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680) Impact System performance degradation can occur until the process is forced to restart.....
6.7AI Score
0.004EPSS
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...
6.5CVSS
6.8AI Score
0.0004EPSS
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include cause a denial of service condition and cause a memory overflow on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...
7.5CVSS
8AI Score
0.002EPSS
Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...
5.3CVSS
5.7AI Score
0.0005EPSS
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary...
9.6CVSS
9AI Score
0.001EPSS
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...
9.1CVSS
6.7AI Score
0.003EPSS
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a.....
5.4CVSS
5.5AI Score
0.002EPSS
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.1CVSS
5.9AI Score
0.0004EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...
6.5AI Score
0.0004EPSS
Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
8.8CVSS
6.9AI Score
0.0005EPSS
9.8CVSS
8.8AI Score
0.975EPSS
(RHSA-2024:3341) Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.5AI Score
0.001EPSS
Summary Potentialcode execution vulnerability in Apache Commons Configuration ( CVE-2024-29131) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.5AI Score
0.0004EPSS
Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on...
9.8CVSS
8AI Score
0.001EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-27982 ...
8.2CVSS
6.9AI Score
0.0004EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
ConfluentPwn Confluence pre-auth ONGL injection remote code...
10.3AI Score
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
6.9AI Score
0.001EPSS
Citrix Bleed - Leaking Session Tokens
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA...
9.4CVSS
8.3AI Score
0.971EPSS
MobileIron Core - Remote Unauthenticated API Access
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter...
9.8CVSS
9.6AI Score
0.968EPSS
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application...
7.3CVSS
8.1AI Score
0.004EPSS
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
7.8CVSS
7.7AI Score
EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
7.6AI Score
0.05EPSS
Summary IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188(Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details ** CVEID: CVE-2023-45188 DESCRIPTION: **IBM Engineering.....
6.5CVSS
7.1AI Score
0.0004EPSS
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if attribute...
7.5CVSS
6.7AI Score
0.005EPSS
Summary IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper.(CVE-2024-23944) Vulnerability Details ** CVEID: CVE-2024-23944 DESCRIPTION: **Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in...
5.4AI Score
0.0004EPSS
Exploit for Cleartext Storage of Sensitive Information in Mremoteng
mRemoteNG <= v1.77.3.1784-NB Password Dumper...
7.5CVSS
8AI Score
0.003EPSS
malicious container creates symlink "mtab" on the host External
Impact A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. A workload built from this Dockerfile: ``` FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM...
8.1CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)
Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....
6.2CVSS
7.3AI Score
0.0005EPSS
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the...
6.5CVSS
7.2AI Score
0.016EPSS