Lucene search

K

ESET, Spol. S R.o. Security Vulnerabilities

f5
f5

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
7
osv
osv

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
osv
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...

6.1CVSS

6.5AI Score

0.001EPSS

2024-06-14 01:59 PM
f5
f5

K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389

Security Advisory Description When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. (CVE-2024-22389) Impact This vulnerability may allow an authenticated attacker to use deleted or updated API tokens on the peer...

7.2CVSS

7AI Score

0.0004EPSS

2024-02-14 12:00 AM
7
osv
osv

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS...

7.8CVSS

7AI Score

0.001EPSS

2023-09-29 05:15 AM
7
osv
osv

Moderate: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) ...

7.8CVSS

7.9AI Score

0.0005EPSS

2024-06-14 01:59 PM
osv
osv

Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

8.1CVSS

6.5AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory...

8.1CVSS

6.7AI Score

0.009EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
githubexploit
githubexploit

Exploit for CVE-2024-24576

CVE-2024-24576 PoC The Command::arg and...

10CVSS

7.6AI Score

0.0005EPSS

2024-04-09 09:17 PM
87
osv
osv

CVE-2023-7133

A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0malert(1)p86o0 leads to cross site...

6.1CVSS

6.4AI Score

0.001EPSS

2023-12-28 06:15 PM
4
ibm
ibm

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is...

8.1CVSS

6.5AI Score

0.001EPSS

2024-06-07 06:45 AM
1
redhat
redhat

(RHSA-2024:3501) Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.2AI Score

0.0004EPSS

2024-05-30 12:07 PM
8
debiancve
debiancve

CVE-2021-47275

In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss()...

6.8AI Score

0.0004EPSS

2024-05-21 03:15 PM
4
debiancve
debiancve

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.7AI Score

0.0004EPSS

2024-05-22 07:15 AM
3
redhat
redhat

(RHSA-2024:3575) Low: Red Hat build of Keycloak 24.0.5 enhancement and security update

Red Hat build of Keycloak 24.0.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): * exposure of sensitive information in Pushed Authorization Requests (PAR)...

6.2AI Score

0.0004EPSS

2024-06-03 09:24 PM
4
nuclei
nuclei

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version...

7.5CVSS

7.4AI Score

0.013EPSS

2024-05-23 06:24 AM
102
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
32
nuclei
nuclei

Atlassian Confluence Server - Local File Inclusion

Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/...

5.3CVSS

5.3AI Score

0.959EPSS

2021-12-20 09:50 AM
7
osv
osv

CVE-2023-6439

A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated...

6.1CVSS

6.2AI Score

0.001EPSS

2023-11-30 08:15 PM
7
osv
osv

BIT-grafana-2022-39229

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields,...

4.3CVSS

4.5AI Score

0.001EPSS

2024-03-06 10:55 AM
11
osv
osv

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...

8.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
osv
osv

Important: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to...

8.1CVSS

8.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37446) Security Fix(es): ruby: Buffer overread...

6.3AI Score

EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...

6.5CVSS

6.4AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: python-pillow security update

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) libssh: Missing checks for return values for digests...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-14 01:59 PM
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

7AI Score

EPSS

2024-06-06 12:00 AM
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
osv
osv

CVE-2022-39229

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields,...

4.3CVSS

9.3AI Score

0.001EPSS

2022-10-13 11:15 PM
14
ubuntucve
ubuntucve

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...

7.7AI Score

0.0004EPSS

2024-06-06 12:00 AM
3
osv
osv

Moderate: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: a heap overflow leading to denail-of-servce while writing a...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
rocky
rocky

grafana security update

An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor...

7.5CVSS

7.3AI Score

0.0005EPSS

2024-06-14 01:59 PM
rocky
rocky

python-dns security update

An update is available for python-dns. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-dns package contains the dnslib module that implements a DNS...

6.8AI Score

0.0004EPSS

2024-06-14 01:59 PM
almalinux
almalinux

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
osv
osv

CVE-2024-3825

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-04-17 03:15 PM
8
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
2
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.3AI Score

EPSS

2024-06-06 12:00 AM
osv
osv

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

6.3CVSS

6.6AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....

6.3CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
githubexploit
githubexploit

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx Firmware

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass...

9.8CVSS

9.5AI Score

0.256EPSS

2021-10-18 04:02 PM
313
ibm
ibm

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....

6AI Score

EPSS

2024-06-05 12:08 PM
1
githubexploit
githubexploit

Exploit for CVE-2022-25765

Exploit for CVE-2022–25765 (pdfkit) - Command Injection...

9.8CVSS

9.4AI Score

0.191EPSS

2023-02-10 12:50 AM
192
osv
osv

CVE-2023-45929

S-Lang 2.3.2 was discovered to contain a segmentation fault via the function...

6.8AI Score

0.0004EPSS

2024-03-27 04:15 AM
2
osv
osv

CVE-2023-45927

S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function...

6.9AI Score

0.0004EPSS

2024-03-27 04:15 AM
3
osv
osv

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...

5.8CVSS

6.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
4
osv
osv

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): gstreamer-plugins-good: integer overflow leading to...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-14 01:59 PM
Total number of security vulnerabilities368009