Lucene search

K

ESET, Spol. S R.o. Security Vulnerabilities

redhat
redhat

(RHSA-2024:3428) Important: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...

6.4AI Score

0.0004EPSS

2024-05-28 01:07 PM
1
osv
osv

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

BIT-nginx-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.9AI Score

0.0004EPSS

2024-06-04 09:49 AM
1
f5
f5

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

9.8CVSS

7.5AI Score

0.006EPSS

2024-06-05 12:00 AM
9
redhat
redhat

(RHSA-2024:3369) Important: Errata Advisory for Red Hat OpenShift GitOps v1.10.6 security update

Errata Advisory for Red Hat OpenShift GitOps v1.10.6 Security Fix(es): CVE-2024-31989 argocd: unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. For more details about the security issue(s), including the impact, a CVSS score,...

7.3AI Score

0.05EPSS

2024-05-28 08:20 AM
3
osv
osv

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

7.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

5.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
osv
osv

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8CVSS

7.8AI Score

0.0005EPSS

2024-06-14 01:59 PM
rocky
rocky

LibRaw security update

An update is available for LibRaw. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibRaw is a library for reading RAW files obtained from digital photo cameras....

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-14 01:59 PM
1
githubexploit
githubexploit

Exploit for Expression Language Injection in Atlassian Confluence Data Center

ConfluentPwn Confluence pre-auth ONGL injection remote code...

10.3AI Score

2022-06-08 04:53 AM
331
osv
osv

CVE-2024-24396

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar...

6.1CVSS

6.4AI Score

0.002EPSS

2024-02-05 07:15 PM
1
nuclei
nuclei

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

6.1CVSS

6.3AI Score

0.001EPSS

2022-06-04 08:57 AM
1
nuclei
nuclei

Subrion CMS <4.1.5.10 - SQL Injection

"Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET...

9.8CVSS

9.8AI Score

0.018EPSS

2020-09-26 01:05 AM
11
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

9.8CVSS

7AI Score

EPSS

2024-05-22 12:00 AM
osv
osv

Moodle ReCAPTCHA can be bypassed on the login page

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is...

6.4AI Score

0.0004EPSS

2024-05-31 09:30 PM
1
osv
osv

Moodle Unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being...

6.2AI Score

0.0004EPSS

2024-05-31 09:30 PM
1
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
3
rocky
rocky

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

8.8CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
rocky
rocky

python3.11-urllib3 security update

An update is available for python3.11-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-urllib3 package provides the Python HTTP module with...

8.1CVSS

8.2AI Score

0.001EPSS

2024-06-14 01:59 PM
1
rocky
rocky

perl-Convert-ASN1 security update

An update is available for perl-Convert-ASN1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Convert::ASN1 encodes and decodes ASN.1 data structures using...

7.5CVSS

6.7AI Score

0.009EPSS

2024-06-14 01:59 PM
1
osv
osv

Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...

6.5AI Score

0.0004EPSS

2024-05-31 09:30 PM
osv
osv

Moodle Cross-site Scripting (XSS)

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some...

5.4AI Score

0.0004EPSS

2024-05-31 09:30 PM
2
osv
osv

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...

7.5CVSS

6.7AI Score

0.0005EPSS

2024-05-22 12:00 AM
2
osv
osv

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
2
osv
osv

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
osv
osv

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for...

5.3CVSS

7.1AI Score

0.0005EPSS

2023-10-18 10:15 PM
5
almalinux
almalinux

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-05-22 12:00 AM
4
almalinux
almalinux

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

6.9AI Score

2024-05-22 12:00 AM
2
osv
osv

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
almalinux
almalinux

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-06 12:00 AM
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-06 12:00 AM
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-06 12:00 AM
almalinux
almalinux

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
osv
osv

Moodle Improper Input Validation

Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used...

6.5AI Score

0.0004EPSS

2024-05-31 09:30 PM
osv
osv

Moodle stored Cross-site Scripting (XSS)

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's...

5.5AI Score

0.0004EPSS

2024-05-31 09:30 PM
2
almalinux
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-23 12:00 AM
5
osv
osv

BIT-nginx-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6AI Score

0.0004EPSS

2024-06-04 09:49 AM
2
githubexploit
githubexploit

Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel

RNDIS-CO Summary The RNDIS USB Gadget may be exploited...

6.9AI Score

2022-02-17 02:02 PM
389
f5
f5

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-&gt;nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-06-04 12:00 AM
5
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-14 01:59 PM
2
osv
osv

Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.4AI Score

0.001EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

6.9AI Score

0.002EPSS

2024-05-22 12:00 AM
1
redhat
redhat

(RHSA-2024:3427) Important: kpatch-patch security update

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) For more details about the security...

6.9AI Score

0.011EPSS

2024-05-28 01:07 PM
3
almalinux
almalinux

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-06 12:00 AM
1
osv
osv

Moodle CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

6.4AI Score

0.0004EPSS

2024-05-31 09:30 PM
osv
osv

Moodle Logout CSRF in admin/tool/mfa/auth.php

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via...

6.4AI Score

0.0004EPSS

2024-05-31 09:30 PM
1
f5
f5

K000139859: Envoy vulnerability CVE-2024-30255

Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-31 12:00 AM
3
f5
f5

K000138651: c-ares vulnerability CVE-2022-4904

Security Advisory Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and...

8.6CVSS

6.9AI Score

0.001EPSS

2024-02-19 12:00 AM
11
osv
osv

Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...

6.4AI Score

0.0004EPSS

2024-05-31 09:30 PM
1
Total number of security vulnerabilities368010