Lucene search

K

ESET, Spol. S R.o. Security Vulnerabilities

ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:45 PM
almalinux
almalinux

Low: c-ares security update

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

4.4CVSS

5.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

9.9CVSS

10AI Score

0.001EPSS

2024-06-14 07:13 AM
71
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....

7AI Score

0.0004EPSS

2024-06-07 06:51 AM
2
f5
f5

K12201527: Overview of Quarterly Security Notifications

Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....

7.1AI Score

2021-11-03 12:00 AM
10
ibm
ibm

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-07 07:32 PM
githubexploit
githubexploit

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

9.9CVSS

10AI Score

0.001EPSS

2024-05-01 01:58 AM
322
rocky
rocky

tomcat security and bug fix update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
ibm
ibm

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...

6.9AI Score

2024-06-06 04:18 PM
1
openbugbounty
openbugbounty

s-capetravel.eu Cross Site Scripting vulnerability OBB-3846946

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-01 09:37 AM
4
osv
osv

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....

9.8CVSS

9.8AI Score

EPSS

2024-06-14 01:59 PM
osv
osv

CVE-2023-5551

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...

3.3CVSS

3.9AI Score

0.0004EPSS

2023-11-09 08:15 PM
4
osv
osv

CVE-2023-5548

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...

5.3CVSS

5.3AI Score

0.001EPSS

2023-11-09 08:15 PM
3
osv
osv

CVE-2023-5541

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe...

6.1CVSS

6AI Score

0.001EPSS

2023-11-09 08:15 PM
4
osv
osv

CVE-2023-5547

The course upload preview contained an XSS risk for users uploading unsafe...

6.1CVSS

6AI Score

0.001EPSS

2023-11-09 08:15 PM
6
almalinux
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-11 12:00 AM
github
github

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
14
osv
osv

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

6.7AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

8.7AI Score

0.0005EPSS

2024-06-05 12:00 AM
4
almalinux
almalinux

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

7.8AI Score

0.0005EPSS

2024-06-05 12:00 AM
7
osv
osv

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...

7.5CVSS

7.2AI Score

0.0005EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...

9.8CVSS

9.5AI Score

0.003EPSS

2023-11-09 08:15 PM
4
osv
osv

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...

6.5CVSS

5.2AI Score

0.001EPSS

2023-11-09 08:15 PM
6
openbugbounty
openbugbounty

s-kiilto.fi Cross Site Scripting vulnerability OBB-3846950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-01 11:37 AM
4
osv
osv

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details...

7.5AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
osv
osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
7
nuclei
nuclei

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is...

9.8CVSS

9.7AI Score

0.968EPSS

2023-07-28 09:38 PM
12
osv
osv

CVE-2023-5549

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...

5.3CVSS

5.1AI Score

0.001EPSS

2023-11-09 08:15 PM
5
osv
osv

CVE-2023-5540

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...

8.8CVSS

8.9AI Score

0.002EPSS

2023-11-09 08:15 PM
6
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

9.8CVSS

6.8AI Score

EPSS

2024-06-14 01:59 PM
5
githubexploit
githubexploit

Exploit for OS Command Injection in Zyxel Atp100 Firmware

CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's...

9.8CVSS

7.2AI Score

0.919EPSS

2023-05-23 02:37 AM
366
osv
osv

CVE-2023-5543

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...

3.3CVSS

6.7AI Score

0.0004EPSS

2023-11-09 10:15 PM
5
osv
osv

CVE-2023-5546

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...

5.4CVSS

5.1AI Score

0.001EPSS

2023-11-09 08:15 PM
7
osv
osv

CVE-2023-5545

H5P metadata automatically populated the author with the user's username, which could be sensitive...

5.3CVSS

5.2AI Score

0.001EPSS

2023-11-09 08:15 PM
2
osv
osv

CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...

8.8CVSS

8.9AI Score

0.002EPSS

2023-11-09 08:15 PM
5
osv
osv

CVE-2023-3487

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage...

7.8CVSS

7.4AI Score

0.0004EPSS

2023-10-20 03:15 PM
3
ibm
ibm

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-11 09:24 PM
2
osv
osv

Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE...

6.8CVSS

6.7AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
osv
osv

CVE-2023-23922

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw.....

6.1CVSS

5.8AI Score

0.001EPSS

2023-02-17 08:15 PM
8
osv
osv

CVE-2023-23921

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable...

6.1CVSS

5.8AI Score

0.001EPSS

2023-02-17 08:15 PM
7
osv
osv

CVE-2023-23923

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted...

8.2CVSS

8.2AI Score

0.002EPSS

2023-02-17 08:15 PM
1
nuclei
nuclei

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...

9CVSS

8.7AI Score

0.421EPSS

2023-07-20 06:27 PM
8
osv
osv

Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...

7.8CVSS

7.9AI Score

0.0005EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Failure to strip relative path components in net/url

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the...

7.5CVSS

7.4AI Score

0.002EPSS

2022-09-12 08:23 PM
12
redhat
redhat

(RHSA-2024:3553) Important: nodejs : security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...

6.4AI Score

0.0004EPSS

2024-06-03 02:12 PM
3
veracode
veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...

6.4AI Score

0.0004EPSS

2024-06-07 08:00 AM
1
Total number of security vulnerabilities368013