FFRI Security, Inc. Security Vulnerabilities

rocky

virt:rhel and virt-devel:rhel security update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

6.2CVSS

6.8AI Score

0.001EPSS

2024-06-14 01:59 PM
oraclelinux

podman security and bug fix update

[4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat...

4.9CVSS

7.5AI Score

0.0005EPSS

2024-06-11 12:00 AM
debian

[SECURITY] [DSA 5692-1] ghostscript security update

Debian Security Advisory DSA-5692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2024 https://www.debian.org/security/faq Package : ghostscript CVE ID : CVE-2023-52722 CVE-2024-29510...

8.2AI Score

EPSS

2024-05-15 08:07 PM
4
cve

CVE-2010-5161

Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
25
osv

chromium - security update

Bulletin has no...

8.8CVSS

6.1AI Score

0.002EPSS

2024-05-17 12:00 AM
2
ubuntucve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...

6.5AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
nuclei

Spring Security OAuth2 Remote Command Execution

Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote...

8.8CVSS

8.8AI Score

0.046EPSS

2022-01-05 08:37 AM
5
oraclelinux

7.5CVSS

7.6AI Score

0.962EPSS

2024-05-24 12:00 AM
2
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
3
osv

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

6.3CVSS

6.3AI Score

0.0005EPSS

2024-05-23 12:00 AM
1
almalinux

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...

7.5CVSS

7.8AI Score

0.732EPSS

2024-05-22 12:00 AM
14
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-23 12:00 AM
5
osv

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

6.7AI Score

0.0004EPSS

2024-05-23 12:00 AM
1
osv

Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more...

7.5CVSS

6.4AI Score

0.001EPSS

2024-05-22 12:00 AM
1
osv

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
osv

bind9 - security update

Bulletin has no...

7.5CVSS

7.7AI Score

0.05EPSS

2024-05-17 12:00 AM
4
oraclelinux

python3.11-urllib3 security update

[1.26.12-2] - Security fix for CVE-2023-43804 Resolves:...

8.1CVSS

6.9AI Score

0.001EPSS

2024-05-23 12:00 AM
1
oraclelinux

httpd:2.4 security update

httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.37-63] - mod_xml2enc: fix media type handling Resolves: RHEL-14321 mod_http2 [1.15.7-10] -...

7.5CVSS

7.5AI Score

0.01EPSS

2024-05-24 12:00 AM
8
osv

thunderbird - security update

Bulletin has no...

6AI Score

0.0004EPSS

2024-05-17 12:00 AM
2
nuclei

Dahua Security - Configuration File Disclosure

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

9.8CVSS

9.4AI Score

0.36EPSS

2023-07-13 09:56 PM
35
debian

[SECURITY] [DSA 5689-1] chromium security update

Debian Security Advisory DSA-5689-1 [email protected] https://www.debian.org/security/ Andres Salomon May 15, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4761 A security issue...

8.8CVSS

6.9AI Score

0.003EPSS

2024-05-15 05:48 PM
osv

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
osv

Moderate: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): qt: incorrect integer overflow check (CVE-2023-51714) qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more...

9.8CVSS

7AI Score

0.001EPSS

2024-05-22 12:00 AM
2
osv

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
2
osv

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
almalinux

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....

6.3CVSS

6.5AI Score

0.0005EPSS

2024-05-23 12:00 AM
2
almalinux

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

6.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
almalinux

Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...

7.8CVSS

6.6AI Score

0.001EPSS

2024-05-22 12:00 AM
1
almalinux

Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more...

7.5CVSS

6.2AI Score

0.001EPSS

2024-05-22 12:00 AM
oraclelinux

libreoffice security fix update

[1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix...

8.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
5
almalinux

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...

8.1CVSS

6.5AI Score

0.001EPSS

2024-05-22 12:00 AM
3
osv

Moderate: perl-Convert-ASN1 security update

Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...

7.5CVSS

6.6AI Score

0.009EPSS

2024-06-14 01:59 PM
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 08:01 PM
4
oraclelinux

idm:DL1 and idm:client security update

bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for...

6.8CVSS

6.7AI Score

0.0004EPSS

2024-05-29 12:00 AM
2
nuclei

WordPress BulletProof Security 5.1 Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....

5.3CVSS

4.9AI Score

0.248EPSS

2021-10-08 01:31 PM
9
ibm

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by ISVG - Identity Manager have multiple vulnerabilities

Summary IBM Security Verify Governance - Identity Manager ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletin(s)...

7.5CVSS

7AI Score

0.014EPSS

2024-04-17 07:17 AM
15
osv

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....

9.8CVSS

6.8AI Score

0.005EPSS

2024-05-22 12:00 AM
osv

Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

8.2CVSS

6.8AI Score

0.0005EPSS

2024-05-22 12:00 AM
1
almalinux

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
osv

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...

7.5CVSS

7.2AI Score

0.732EPSS

2024-05-22 12:00 AM
1
almalinux

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...

8.6CVSS

6.9AI Score

0.002EPSS

2024-05-22 12:00 AM
2
osv

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-05-22 12:00 AM
5
osv

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...

8.1CVSS

6.3AI Score

0.001EPSS

2024-05-22 12:00 AM
almalinux

Moderate: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): qt: incorrect integer overflow check (CVE-2023-51714) qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more...

9.8CVSS

7.2AI Score

0.001EPSS

2024-05-22 12:00 AM
1
almalinux

Moderate: perl-CPAN security update

The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...

8.1CVSS

6.6AI Score

0.003EPSS

2024-05-22 12:00 AM
4
mageia

Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c....

7.2AI Score

0.0004EPSS

2024-06-06 06:48 PM
4
osv

Security exception in java.base/java.util.Collections$UnmodifiableCollection.forEach

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51154 Crash type: Security exception Crash state: java.base/java.util.Collections$UnmodifiableCollection.forEach org.apache.commons.configuration2.tree.NodeTreeWalker.dfs...

6.7AI Score

2022-09-10 12:00 AM
6
osv

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...

8.6CVSS

6.7AI Score

0.002EPSS

2024-05-22 12:00 AM
2
osv

Moderate: python-pillow security update

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...

7.5CVSS

6.4AI Score

0.001EPSS

2024-05-22 12:00 AM
osv

Moderate: perl-CPAN security update

The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...

8.1CVSS

6.4AI Score

0.003EPSS

2024-05-22 12:00 AM
2
Total number of security vulnerabilities: 2563929