ESET, Spol. S R.o. Security Vulnerabilities

veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...

AI Score 6.4 | EPSS 0.0004 | 2024-06-07 08:00 AM

veracode

Exposure Of Sensitive Information To An Unauthorized Actor

Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...

AI Score 6.4 | EPSS 0.0004 | 2024-06-07 07:33 AM

veracode

Information Exposure Through Misconfigured Permissions

Moodle is vulnerable to an Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...

AI Score 6.4 | EPSS 0.0004 | 2024-06-07 07:23 AM

veracode

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's...

AI Score 5 | EPSS 0.0004 | 2024-06-07 06:37 AM

f5

K000139592: libxml2 vulnerability CVE-2023-29469

Security Advisory Description: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...

CVSS 6.5 | AI Score 6.7 | EPSS 0.001 | 2024-05-13 12:00 AM

f5

K00994461: GSON vulnerability CVE-2022-25647

Security Advisory Description: The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. (CVE-2022-25647) Impact: Traffic is disrupted for new client connections. This...

CVSS 7.7 | AI Score 7.5 | EPSS 0.002 | 2022-08-29 12:00 AM

veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...

AI Score 6.4 | EPSS 0.0004 | 2024-06-07 07:10 AM

veracode

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...

AI Score 5.6 | EPSS 0.0004 | 2024-06-07 06:58 AM

osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp: ...

CVSS 8.8 | AI Score 7.1 | EPSS 0.0004 | 2024-06-14 01:59 PM

osv

Moderate: pki-core:10.6 and pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s),...

CVSS 7.5 | AI Score 7 | EPSS 0.002 | 2024-06-14 01:59 PM

osv

Moderate: perl-Convert-ASN1 security update

Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...

CVSS 7.5 | AI Score 6.6 | EPSS 0.009 | 2024-06-14 01:59 PM

osv

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...

CVSS 6.8 | AI Score 6.4 | EPSS 0.0004 | 2024-06-14 01:59 PM

osv

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

AI Score 7.1 | EPSS 0.0004 | 2024-06-14 02:00 PM

osv

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...

CVSS 8.1 | AI Score 8.2 | EPSS 0.001 | 2024-06-14 01:59 PM

githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2024-1086-checker This is a simple checker script to...

CVSS 7.8 | AI Score 6.5 | EPSS 0.011 | 2024-06-03 10:04 PM

osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

CVSS 7.3 | AI Score 7.4 | EPSS 0.0004 | 2024-06-06 12:00 AM

osv

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at...

CVSS 7.2 | AI Score 8.2 | EPSS 0.001 | 2023-12-12 09:15 AM

osv

Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

CVSS 6.2 | AI Score 6.7 | EPSS 0.001 | 2024-06-14 01:59 PM

osv

Moderate: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of...

CVSS 5.3 | AI Score 6.6 | EPSS 0.0004 | 2024-06-14 01:59 PM

osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to...

AI Score 6.6 | EPSS 0.0004 | 2024-06-14 01:59 PM

osv

Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security...

CVSS 6.5 | AI Score 6.6 | EPSS 0.001 | 2024-06-14 01:59 PM

osv

Moderate: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...

CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2024-06-14 01:59 PM

rocky

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libxml2 library is a development toolbox providing the implementation of...

CVSS 7.5 | AI Score 7 | EPSS 0.0005 | 2024-06-14 01:59 PM

almalinux

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

CVSS 7.5 | AI Score 6.9 | EPSS 0.0004 | 2024-06-11 12:00 AM

almalinux

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

CVSS 7.3 | AI Score 7.5 | EPSS 0.0004 | 2024-06-06 12:00 AM

ibm

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

CVSS 7.5 | AI Score 8 | EPSS 0.0004 | 2024-06-04 06:53 PM

nuclei

Gibbon v25.0.0 - Local File Inclusion

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's...

CVSS 9.8 | AI Score 9.4 | EPSS 0.035 | 2023-06-26 04:38 AM

githubexploit

Exploit for Code Injection in Exiftool Project Exiftool

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code...

CVSS 7.8 | AI Score 8.5 | EPSS 0.89 | 2022-04-16 10:49 PM

osv

CVE-2023-41621

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component...

CVSS 6.1 | AI Score 5.9 | EPSS 0.0005 | 2023-12-13 11:15 PM

osv

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

CVSS 7.5 | AI Score 6.8 | EPSS 0.0004 | 2024-06-14 02:00 PM

osv

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more...

CVSS 7.5 | AI Score 7.6 | EPSS 0.732 | 2024-06-14 01:59 PM

osv

Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710) For...

CVSS 5.5 | AI Score 7.1 | EPSS 0.001 | 2024-06-14 01:59 PM

osv

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s),...

CVSS 7.8 | AI Score 7 | EPSS 0.001 | 2024-06-14 01:59 PM

rocky

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libnghttp2 is a library implementing the Hypertext Transfer Protocol version...

CVSS 5.3 | AI Score 7 | EPSS 0.0004 | 2024-06-14 02:00 PM

osv

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

CVSS 6.1 | AI Score 6.9 | EPSS 0.0004 | 2024-06-14 01:59 PM

nuclei

Eyou E-Mail <3.6 - Remote Code Execution

Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file...

CVSS 9.8 | AI Score 9.9 | EPSS 0.02 | 2021-04-13 06:40 AM

ibm

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in IBM Performance Tools for i [CVE-2024-27264].

Summary: IBM i is vulnerable to a user gaining elevated privilege due to a program being called without library qualification in IBM Performance Tools for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

CVSS 7.4 | AI Score 7 | EPSS 0.0004 | 2024-05-21 10:03 PM

redhat

(RHSA-2024:3544) Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...

AI Score 6.7 | EPSS 0.0004 | 2024-06-03 06:38 AM

osv

CVE-2023-41618

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component...

CVSS 6.1 | AI Score 6.2 | EPSS 0.0005 | 2023-12-14 12:15 AM

ibm

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2024)

Summary: IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details: Refer to the security bulletin(s) listed in the...

AI Score 6.8 | 2024-06-06 04:18 PM

nuclei

phpMyAdmin < 5.1.2 - Cross-Site Scripting

An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML...

CVSS 6.1 | AI Score 6.3 | EPSS 0.008 | 2022-02-14 11:43 AM

almalinux

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): Rebase...

AI Score 6.7 | EPSS 0.0004 | 2024-05-23 12:00 AM

osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): Rebase...

AI Score 7 | EPSS 0.0004 | 2024-05-23 12:00 AM

ibm

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...

CVSS 8.1 | AI Score 6.5 | EPSS 0.001 | 2024-06-07 06:45 AM

redhat

(RHSA-2024:3545) Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more...

AI Score 6.6 | EPSS 0.0004 | 2024-06-03 06:39 AM

osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...

AI Score 6.9 | EPSS (no value listed) | 2024-06-14 02:00 PM

osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 8.8 | AI Score 7.4 | EPSS 0.001 | 2024-06-14 02:00 PM

almalinux

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2024-06-11 12:00 AM

osv

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...

CVSS 8.1 | AI Score 7.2 | EPSS 0.0004 | 2024-06-14 02:00 PM

osv

Important: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to...

CVSS 8.1 | AI Score 8.2 | EPSS 0.0004 | 2024-06-14 01:59 PM

Total number of security vulnerabilities: 368010