Lucene search

K

FFRI Security, Inc. Security Vulnerabilities

osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-05-22 12:00 AM
osv
osv

Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.4AI Score

0.001EPSS

2024-05-22 12:00 AM
osv
osv

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

6.3AI Score

0.0005EPSS

2024-05-23 12:00 AM
1
osv
osv

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) webkitgtk:...

9.8CVSS

8.2AI Score

0.017EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

5.9CVSS

6.6AI Score

0.001EPSS

2024-05-22 12:00 AM
3
osv
osv

Moderate: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
osv
osv

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score,...

7.8CVSS

6.8AI Score

0.001EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

6.9AI Score

0.002EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)...

5.8CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
osv
osv

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score,...

7.8CVSS

6.9AI Score

0.001EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

8.1CVSS

6.7AI Score

0.001EPSS

2024-05-22 12:00 AM
1
oraclelinux
oraclelinux

gdk-pixbuf2 security update

[2.36.12-6] - Backport fixes for CVE-2022-48622 - Apply patches with git to enable binary patching - Resolves:...

7.8CVSS

7.3AI Score

0.001EPSS

2024-05-29 12:00 AM
6
osv
osv

chromium - security update

Bulletin has no...

8.8CVSS

6.9AI Score

0.003EPSS

2024-05-24 12:00 AM
2
cvelist
cvelist

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6AI Score

0.0004EPSS

2024-04-17 08:12 AM
2
nuclei
nuclei

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.5CVSS

6.6AI Score

0.503EPSS

2023-08-03 11:24 PM
18
osv
osv

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

6.8AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
github
github

WildFly Elytron: SSRF security issue

A flaw was found inJwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...

7.3CVSS

7AI Score

0.001EPSS

2024-04-09 09:31 AM
8
almalinux
almalinux

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s),...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-22 12:00 AM
1
arista
arista

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...

6AI Score

EPSS

2024-05-24 12:00 AM
5
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
11
osv
osv

Security exception in java.base/java.util.Collections$UnmodifiableCollection.forEach

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51154 Crash type: Security exception Crash state: java.base/java.util.Collections$UnmodifiableCollection.forEach org.apache.commons.configuration2.tree.NodeTreeWalker.dfs...

6.7AI Score

2022-09-10 12:00 AM
6
f5
f5

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

5.3CVSS

6.1AI Score

0.0004EPSS

2024-04-10 12:00 AM
14
osv
osv

fossil - security update

Bulletin has no...

7.2AI Score

0.0004EPSS

2024-05-25 12:00 AM
3
cve
cve

CVE-2023-5826

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed.....

8.8CVSS

8.7AI Score

0.001EPSS

2023-10-27 06:15 PM
19
cve
cve

CVE-2023-5784

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has....

9.8CVSS

9.5AI Score

0.001EPSS

2023-10-26 03:15 PM
31
oraclelinux
oraclelinux

exempi security update

[2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves:...

6.5CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
2
oraclelinux
oraclelinux

libtiff security update

[4.0.9-31] - Fix CVE-2022-3599 CVE-2022-4645 - Resolves: RHEL-5399 [4.0.9-30] - Bump specfile to retrigger gating - Add tests folder for standard beakerlib - Related: RHEL-4683 RHEL-4685 RHEL-4686 RHEL-4687...

6.8CVSS

6.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
oraclelinux
oraclelinux

libXpm security update

[3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm:...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
6
osv
osv

Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68092 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.HeapCharBuffer.&lt;init&gt;...

7.1AI Score

2024-04-19 12:12 AM
2
cve
cve

CVE-2023-5700

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been...

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-23 12:15 AM
26
cve
cve

CVE-2023-5681

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.2CVSS

7.2AI Score

0.001EPSS

2023-10-20 09:15 PM
29
cve
cve

CVE-2017-20014

A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach....

5.5CVSS

5.4AI Score

0.0004EPSS

2022-03-28 09:15 PM
20
cve
cve

CVE-2017-20015

A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-03-28 09:15 PM
29
cve
cve

CVE-2023-6903

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely....

9.8CVSS

9.7AI Score

0.001EPSS

2023-12-17 11:15 PM
18
cve
cve

CVE-2023-3792

A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this.....

6.5CVSS

6.5AI Score

0.001EPSS

2023-07-20 07:15 PM
35
nuclei
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
5
wpvulndb
wpvulndb

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS

6.7AI Score

0.0004EPSS

2024-04-25 12:00 AM
9
cve
cve

CVE-2023-7094

A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The...

7.5CVSS

7.3AI Score

0.001EPSS

2023-12-25 12:15 AM
18
almalinux
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.2AI Score

0.0005EPSS

2024-05-23 12:00 AM
26
cve
cve

CVE-2010-5179

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
21
4
cve
cve

CVE-2010-5176

Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
19
cve
cve

CVE-2017-20011

A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The....

5.5CVSS

5.4AI Score

0.0004EPSS

2022-03-28 09:15 PM
24
oraclelinux
oraclelinux

go-toolset:ol8 security update

delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves:...

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
2
cve
cve

CVE-2010-5183

Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
20
cve
cve

CVE-2010-5151

Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
19
osv
osv

Moderate: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

4.7CVSS

6.2AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
cve
cve

CVE-2010-5184

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during.....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
19
cve
cve

CVE-2010-5153

Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
22
osv
osv

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

6.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
Total number of security vulnerabilities2569021