Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....
5.9CVSS
7AI Score
0.0004EPSS
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
4.4CVSS
5.4AI Score
0.0004EPSS
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...
9.9CVSS
10AI Score
0.001EPSS
Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....
7AI Score
0.0004EPSS
K12201527: Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....
7.1AI Score
Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...
5.3CVSS
5.2AI Score
0.0004EPSS
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...
9.9CVSS
10AI Score
0.001EPSS
tomcat security and bug fix update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...
7.1AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...
6.9AI Score
s-capetravel.eu Cross Site Scripting vulnerability OBB-3846946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....
9.8CVSS
9.8AI Score
EPSS
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...
3.3CVSS
3.9AI Score
0.0004EPSS
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...
5.3CVSS
5.3AI Score
0.001EPSS
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe...
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.8CVSS
7.1AI Score
0.001EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...
6.7AI Score
0.0004EPSS
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.5CVSS
8.7AI Score
0.0005EPSS
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.5CVSS
7.8AI Score
0.0005EPSS
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...
7.5CVSS
7.2AI Score
0.0005EPSS
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.8CVSS
7AI Score
0.001EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...
9.8CVSS
9.5AI Score
0.003EPSS
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...
6.5CVSS
5.2AI Score
0.001EPSS
s-kiilto.fi Cross Site Scripting vulnerability OBB-3846950
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details...
7.5AI Score
0.0004EPSS
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.2AI Score
0.0004EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is...
9.8CVSS
9.7AI Score
0.968EPSS
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...
5.3CVSS
5.1AI Score
0.001EPSS
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...
8.8CVSS
8.9AI Score
0.002EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
9.8CVSS
6.8AI Score
EPSS
Exploit for OS Command Injection in Zyxel Atp100 Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's...
9.8CVSS
7.2AI Score
0.919EPSS
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...
3.3CVSS
6.7AI Score
0.0004EPSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...
5.4CVSS
5.1AI Score
0.001EPSS
H5P metadata automatically populated the author with the user's username, which could be sensitive...
5.3CVSS
5.2AI Score
0.001EPSS
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...
8.8CVSS
8.9AI Score
0.002EPSS
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage...
7.8CVSS
7.4AI Score
0.0004EPSS
Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...
6.5CVSS
6.9AI Score
0.0004EPSS
Moderate: idm:DL1 and idm:client security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE...
6.8CVSS
6.7AI Score
0.0004EPSS
Moderate: libXpm security update
X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...
5.5CVSS
6.8AI Score
0.0004EPSS
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw.....
6.1CVSS
5.8AI Score
0.001EPSS
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable...
6.1CVSS
5.8AI Score
0.001EPSS
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted...
8.2CVSS
8.2AI Score
0.002EPSS
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...
9CVSS
8.7AI Score
0.421EPSS
Important: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...
7.8CVSS
7.9AI Score
0.0005EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
5.5CVSS
6.6AI Score
0.0004EPSS
Failure to strip relative path components in net/url
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the...
7.5CVSS
7.4AI Score
0.002EPSS
(RHSA-2024:3553) Important: nodejs : security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...
6.4AI Score
0.0004EPSS
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...
6.4AI Score
0.0004EPSS