FFRI Security, Inc. Security Vulnerabilities

almalinux
Moderate: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

CVSS 4.7 | AI Score 6.3 | EPSS 0.0004 | 2024-05-22 12:00 AM
2
mageia
Updated python-gunicorn packages fix security vulnerability

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's...

CVSS 7.5 | AI Score 7 | EPSS 0.0004 | 2024-06-24 10:04 PM
10
oraclelinux
389-ds-base security update

[1.3.11.1-5] - Bump version to 1.3.11.1-5 - Resolves: RHEL-33337 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request - Resolves: RHEL-34817 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in...

CVSS 7.5 | AI Score 6.4 | EPSS 0.0004 | 2024-06-04 12:00 AM
osv
Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

CVSS 7.1 | AI Score 7.1 | EPSS 0.0004 | 2024-05-22 12:00 AM
osv
Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024) For more details about the security issue(s), including the impact, a CVSS score,...

CVSS 5.5 | AI Score 6.4 | EPSS 0.001 | 2024-05-22 12:00 AM
osv
Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

CVSS 7.8 | AI Score 6.3 | EPSS 0.0005 | 2024-05-23 12:00 AM
1
osv
Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) webkitgtk:...

CVSS 9.8 | AI Score 8.2 | EPSS 0.017 | 2024-05-22 12:00 AM
osv
chromium - security update

Bulletin has no...

CVSS 8.8 | AI Score 6.9 | EPSS 0.003 | 2024-05-24 12:00 AM
2
almalinux
Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

CVSS 5.9 | AI Score 6.6 | EPSS 0.001 | 2024-05-22 12:00 AM
3
osv
Moderate: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...

CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2024-05-22 12:00 AM
1
osv
Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score,...

CVSS 7.8 | AI Score 6.8 | EPSS 0.001 | 2024-05-22 12:00 AM
1
almalinux
Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5 | AI Score 6.9 | EPSS 0.002 | 2024-05-22 12:00 AM
1
almalinux
Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)...

CVSS 5.8 | AI Score 6.6 | EPSS 0.0004 | 2024-05-22 12:00 AM
2
osv
Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2024-05-22 12:00 AM
1
almalinux
Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score,...

CVSS 7.8 | AI Score 6.9 | EPSS 0.001 | 2024-05-22 12:00 AM
almalinux
Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

CVSS 8.1 | AI Score 6.7 | EPSS 0.001 | 2024-05-22 12:00 AM
1
hp
HP ThinPro 8.0 SP 9 Security Updates

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 9) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 9, which includes updates to mitigate potential vulnerabilities. All the identified vulnerabilities listed above were addressed and fixed as part of...

CVSS 9.8 | AI Score 9 | EPSS 0.732 | 2024-06-17 12:00 AM
6
hp
Intel Thunderbolt Driver May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...

CVSS 7 | AI Score 7.4 | EPSS 0.0004 | 2024-05-14 12:00 AM
13
osv
python-pymysql - security update

Bulletin has no...

AI Score 7.2 | EPSS 0.0004 | 2024-05-27 12:00 AM
3
f5
K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

AI Score 5.9 | EPSS 0.0004 | 2024-06-03 12:00 AM
2
osv
chromium - security update

Bulletin has no...

AI Score 7.2 | EPSS 0.0004 | 2024-05-22 12:00 AM
7
nuclei
WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2020-08-16 03:22 PM
5
almalinux
Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s),...

CVSS 7.8 | AI Score 7.1 | EPSS 0.001 | 2024-05-22 12:00 AM
1
cve
CVE-2023-5700

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-10-23 12:15 AM
26
cve
CVE-2023-5681

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 7.2 | AI Score 7.2 | EPSS 0.001 | 2023-10-20 09:15 PM
29
osv
Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

CVSS 4.9 | AI Score 7.1 | EPSS 0.0005 | 2024-06-14 02:00 PM
5
cve
CVE-2010-5179

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...

AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM
21
4
cve
CVE-2010-5176

Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM
19
almalinux
Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

CVSS 4.9 | AI Score 5.5 | EPSS 0.0005 | 2024-06-11 12:00 AM
2
ibm
Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2024-0853). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2024-0853 ...

CVSS 5.3 | AI Score 6.2 | EPSS 0.001 | 2024-06-20 10:03 PM
2
mageia
Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...

AI Score 7.2 | EPSS 0.0004 | 2024-06-06 06:48 PM
4
oraclelinux
python-dns security update

[1.15.0-12] - Security fix for CVE-2023-29483 Resolves:...

AI Score 7 | EPSS 0.0004 | 2024-05-29 12:00 AM
6
f5
K000139592: libxml2 vulnerability CVE-2023-29469

Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...

CVSS 6.5 | AI Score 6.7 | EPSS 0.001 | 2024-05-13 12:00 AM
5
oraclelinux
exempi security update

[2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves:...

CVSS 6.5 | AI Score 7 | EPSS 0.001 | 2024-05-23 12:00 AM
2
oraclelinux
libtiff security update

[4.0.9-31] - Fix CVE-2022-3599 CVE-2022-4645 - Resolves: RHEL-5399 [4.0.9-30] - Bump specfile to retrigger gating - Add tests folder for standard beakerlib - Related: RHEL-4683 RHEL-4685 RHEL-4686 RHEL-4687...

CVSS 6.8 | AI Score 6.9 | EPSS 0.0004 | 2024-05-23 12:00 AM
oraclelinux
libXpm security update

[3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm:...

CVSS 5.5 | AI Score 6.9 | EPSS 0.0004 | 2024-05-23 12:00 AM
6
oraclelinux
go-toolset:ol8 security update

delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves:...

AI Score 7.3 | EPSS 0.0004 | 2024-05-29 12:00 AM
2
osv
Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68092 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.HeapCharBuffer.<init>...

AI Score 7.1 | 2024-04-19 12:12 AM
2
cve
CVE-2023-5826

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2023-10-27 06:15 PM
19
cve
CVE-2023-5784

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has...

CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2023-10-26 03:15 PM
31
nuclei
TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

CVSS 6.5 | AI Score 6.6 | EPSS 0.503 | 2023-08-03 11:24 PM
18
cve
CVE-2017-20014

A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004 | 2022-03-28 09:15 PM
20
cve
CVE-2017-20015

A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004 | 2022-03-28 09:15 PM
29
oraclelinux
LibRaw security update

[0.19.5-4] - Backport fix for CVE-2021-32142 from upstream Resolves:...

CVSS 7.8 | AI Score 7 | EPSS 0.001 | 2024-05-24 12:00 AM
3
cve
CVE-2023-7094

A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2023-12-25 12:15 AM
18
osv
Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

CVSS 8.8 | AI Score 6.3 | 2024-05-30 12:00 AM
2
almalinux
Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

CVSS 8.8 | AI Score 6.7 | 2024-05-30 12:00 AM
3
oraclelinux
grub2 security update

[2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure [Orabug: 35126950] - Fix CVE-2022-3775 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't...

CVSS 7.8 | AI Score 6.9 | EPSS 0.001 | 2024-05-24 12:00 AM
4
cve
CVE-2010-5184

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM
19
cve
CVE-2010-5153

Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM
22
Total number of security vulnerabilities: 2569021