External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
9.8CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-c olor, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
5.5CVSS
7.1AI Score
0.0004EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.8CVSS
6.7AI Score
0.0004EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.8CVSS
6.8AI Score
0.0004EPSS
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.9AI Score
0.005EPSS
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....
6.3CVSS
6.3AI Score
0.0005EPSS
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...
7.5CVSS
6.5AI Score
0.001EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
8.1CVSS
6.8AI Score
0.009EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7.8CVSS
6.5AI Score
0.001EPSS
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.8AI Score
0.005EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2CVSS
6.8AI Score
0.0005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...
6.8AI Score
0.0004EPSS
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
7.5CVSS
7.2AI Score
0.732EPSS
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...
8.6CVSS
6.9AI Score
0.002EPSS
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
6.1CVSS
6.3AI Score
0.001EPSS
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...
8.1CVSS
6.3AI Score
0.001EPSS
Moderate: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): qt: incorrect integer overflow check (CVE-2023-51714) qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more...
9.8CVSS
7.2AI Score
0.001EPSS
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...
6.8AI Score
0.0004EPSS
Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...
8.1CVSS
6.6AI Score
0.004EPSS
[SECURITY] Fedora 39 Update: galera-26.4.18-1.fc39
Galera is a fast synchronous multimaster wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
4.9CVSS
5.2AI Score
0.0005EPSS
libreoffice security fix update
[1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix...
8.8CVSS
7AI Score
0.001EPSS
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install...
6.6AI Score
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install...
6.6AI Score
Updated netatalk packages fix security vulnerability
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary...
10CVSS
7.1AI Score
0.007EPSS
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2014-3643 DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By...
9.8CVSS
9.7AI Score
0.794EPSS
httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.37-63] - mod_xml2enc: fix media type handling Resolves: RHEL-14321 mod_http2 [1.15.7-10] -...
7.5CVSS
7.5AI Score
0.01EPSS
Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...
9.8CVSS
10AI Score
0.004EPSS
6.6AI Score
0.0004EPSS
[SECURITY] [DSA 5693-1] thunderbird security update
Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...
7.1AI Score
0.0004EPSS
Moderate: containernetworking-plugins security and bug fix update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
5.2AI Score
0.0004EPSS
Moderate: containernetworking-plugins security and bug fix update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
5.2AI Score
0.0004EPSS
Typo3 Security Misconfiguration in Frontend Session Handling
It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session...
6.9AI Score
Typo3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this...
7.2AI Score
bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-50] - Rebuild...
7.5CVSS
6.8AI Score
0.05EPSS
[SECURITY] Fedora 39 Update: libarchive-3.7.1-2.fc39
Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP...
7.8CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: firefox-127.0-1.fc40
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and...
7.3AI Score
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...
9.7AI Score
0.0004EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...
7.8CVSS
6.9AI Score
0.001EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
7.2AI Score
0.001EPSS
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....
9.8CVSS
9.8AI Score
EPSS
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
7.8CVSS
7.7AI Score
EPSS
virt:rhel and virt-devel:rhel security and enhancement update
An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...
7CVSS
7.4AI Score
0.002EPSS
xorg-x11-server security update
[1.20.14-23] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on...
7.8CVSS
6.7AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: thunderbird-115.12.0-2.fc40
Mozilla Thunderbird is a standalone mail and newsgroup...
7.3AI Score
[SECURITY] Fedora 39 Update: python-PyMySQL-1.1.1-1.fc39
This package contains a pure-Python MySQL client library. The goal of PyMyS QL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPyth on and...
7.2AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: chromium-126.0.6478.55-1.fc39
Chromium is an open-source web browser, powered by WebKit...
8.8CVSS
7.5AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
5.3CVSS
5.7AI Score
0.0004EPSS
python3.11-urllib3 security update
[1.26.12-2] - Security fix for CVE-2023-43804 Resolves:...
8.1CVSS
6.9AI Score
0.001EPSS
K000139810: Oracle Java vulnerability CVE-2024-20919
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....
5.9CVSS
5.9AI Score
0.0005EPSS