Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......
4CVSS
6.1AI Score
0.0004EPSS
K000139859: Envoy vulnerability CVE-2024-30255
Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....
5.3CVSS
6.7AI Score
0.0004EPSS
K000138651: c-ares vulnerability CVE-2022-4904
Security Advisory Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and...
8.6CVSS
6.9AI Score
0.001EPSS
typo3/cms is vulnerable to Denial of Service (DoS). The vulnerability is caused by allowing an excessively high maximum result limit in TYPO3's Indexed Search component. This flaw potentially enables attackers to execute a Denial of Service (DoS)...
7.2AI Score
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS...
9.8CVSS
0.0004EPSS
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS...
9.8CVSS
8.2AI Score
0.0004EPSS
(RHSA-2024:3369) Important: Errata Advisory for Red Hat OpenShift GitOps v1.10.6 security update
Errata Advisory for Red Hat OpenShift GitOps v1.10.6 Security Fix(es): CVE-2024-31989 argocd: unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. For more details about the security issue(s), including the impact, a CVSS score,...
7.3AI Score
0.05EPSS
(RHSA-2024:3475) Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.5 security update
Errata Advisory for Red Hat OpenShift GitOps v1.11.5 Security Fix(es): CVE-2024-31989 argocd: An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port...
7.3AI Score
0.05EPSS
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss()...
6.8AI Score
0.0004EPSS
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...
7.5CVSS
6.8AI Score
0.0005EPSS
Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s), including the impact, a CVSS...
7.5CVSS
7AI Score
0.002EPSS
Moderate: perl-Convert-ASN1 security update
Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...
7.5CVSS
6.6AI Score
0.009EPSS
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...
6.8CVSS
6.5AI Score
0.0004EPSS
Important: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...
7.8CVSS
6.9AI Score
0.0005EPSS
Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s), including the impact, a CVSS...
7.5CVSS
7AI Score
0.002EPSS
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...
8.1CVSS
6.3AI Score
0.001EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
5.5CVSS
6.6AI Score
0.0004EPSS
Moderate: poppler security update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024) For more details about the security issue(s), including the impact, a CVSS score,...
5.5CVSS
6.5AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through...
4.3CVSS
5.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...
6.7AI Score
0.0004EPSS
(RHSA-2024:3497) Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) edk2: Buffer...
7.4AI Score
0.001EPSS
Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...
6.8AI Score
0.0004EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit...
10CVSS
9.9AI Score
0.957EPSS
Moderate: libXpm security update
X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...
5.5CVSS
6.4AI Score
0.0004EPSS
Important: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...
7.8CVSS
6.7AI Score
0.0005EPSS
Moderate: perl-Convert-ASN1 security update
Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...
7.5CVSS
6.7AI Score
0.009EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC Description This repository contains a...
7.5CVSS
7.5AI Score
0.052EPSS
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...
8.1CVSS
6.5AI Score
0.001EPSS
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and...
6.5CVSS
6.4AI Score
0.0004EPSS
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and...
6.5CVSS
6.8AI Score
0.0004EPSS
Important: less security update
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...
6.9AI Score
0.0004EPSS
Description The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
0.0004EPSS
container-tools:rhel8 security update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...
8.6CVSS
6AI Score
0.002EPSS
A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0malert(1)p86o0 leads to cross site...
6.1CVSS
6.4AI Score
0.001EPSS
Summary Potentialfollow-redirects open redirect vulnerabilitiy [ CVE-2023-26159] have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.3CVSS
6.5AI Score
0.001EPSS
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
7.1AI Score
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...
7.5CVSS
7.5AI Score
0.001EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar Vulnerability Details ** CVEID: CVE-2024-22243 DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
8.1CVSS
7.7AI Score
0.0004EPSS
Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more...
7.5CVSS
6.4AI Score
0.001EPSS
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.5CVSS
6.7AI Score
0.002EPSS
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS...
9.8CVSS
8.1AI Score
0.0004EPSS
Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core (256137). IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details ** IBM X-Force ID: 256137 ...
6.9AI Score
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...
6.8CVSS
6.4AI Score
0.0004EPSS
Moderate: libXpm security update
X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...
5.5CVSS
6.2AI Score
0.0004EPSS
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...
5.5CVSS
6.6AI Score
0.0004EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
6.7AI Score
0.0004EPSS
The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fix(es): gmp: Integer overflow and resultant buffer overflow via crafted input (CVE-2021-43618) For more details about the security...
7.5CVSS
7.3AI Score
0.006EPSS
Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more...
7.5CVSS
6.2AI Score
0.001EPSS
Moderate: LibRaw security update
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s),...
7.8CVSS
7AI Score
0.001EPSS
Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...
8.1CVSS
6.6AI Score
0.004EPSS