CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
8.8AI Score
0.945EPSS
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order....
7.3AI Score
CVE-2024-24919 Name: CVE-2024-24919 Scanner Author:...
8.6CVSS
9.1AI Score
0.945EPSS
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: * High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11 * High CVE-2024-5494: Use after free in Dawn. Reported by...
7.5AI Score
0.0004EPSS
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
5.3CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in sqlparse affects IBM Process Mining CVE-2024-4340
Summary There is a vulnerability in sqlparse that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4340 .....
7.5CVSS
7.2AI Score
0.0004EPSS
APSB24-44 : Security update available for Adobe Creative Cloud Desktop
Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for a critical vulnerability that could lead to arbitrary code execution in the context of the current...
5.5CVSS
7.8AI Score
0.0004EPSS
TYPO3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this...
7.2AI Score
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): ruby: Buffer overread...
9.4AI Score
EPSS
Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68929 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals...
7.1AI Score
xorg-x11-server security update
[1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-21] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21207 Resolves: https://issues.redhat.com/browse/RHEL-20528 ...
7.8CVSS
7AI Score
0.273EPSS
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install...
6.6AI Score
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities (CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086). Vulnerability Details CVEID: CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
7.8CVSS
8.7AI Score
0.002EPSS
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....
6.1CVSS
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: kitty-0.31.0-2.fc39
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
5.5CVSS
5.5AI Score
0.0004EPSS
XenServer and Citrix Hypervisor Security Update for CVE-2024-5661
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which mayallow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. This issue has the following identifier: CVE-2024-5661 CVE-2024-5661 affects all deployments....
6.7AI Score
0.0004EPSS
chromium -- multiple security fixes
Chrome Releases reports: This update includes 15 security fixes: [336012573] High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21 [338908243] High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-06 [335613092] High...
8.8CVSS
8.1AI Score
0.002EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0286
Updates of ['libvirt'] packages of Photon OS have been...
9.8CVSS
9.6AI Score
0.001EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0625
Updates of ['libvirt'] packages of Photon OS have been...
9.8CVSS
9.6AI Score
0.001EPSS
(RHSA-2024:3486) Moderate: gdisk security update
The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master....
7.3AI Score
0.001EPSS
K000139525: Libexpat vulnerability CVE-2022-43680
Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680) Impact System performance degradation can occur until the process is forced to restart.....
6.7AI Score
0.004EPSS
Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064
Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
5.4CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849
Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
6.5CVSS
6.3AI Score
0.0004EPSS
New git packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.39.4-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Recursive clones on case-insensitive filesystems that...
9CVSS
7.8AI Score
0.002EPSS
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order....
7.3AI Score
(RHSA-2024:3513) Important: less security update
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...
7.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: chromium-125.0.6422.141-1.fc39
Chromium is an open-source web browser, powered by WebKit...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be...
5.3CVSS
5.6AI Score
0.0004EPSS
7.3AI Score
[SECURITY] Fedora 39 Update: ruff-0.3.7-2.fc39
An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle,...
7.4AI Score
[SECURITY] Fedora 39 Update: libipuz-0.4.6.2-2.fc39
This is a library for parsing .ipuz puzzle files, for crossword puzzles, sudokus, etc. The library only handles crosswords for...
7.3AI Score
ruby:3.1 security, bug fix, and enhancement update
ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...
6.5AI Score
EPSS
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...
8.3CVSS
8.4AI Score
0.0004EPSS
(RHSA-2024:3544) Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...
6.7AI Score
0.0004EPSS
(RHSA-2024:3501) Moderate: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.2AI Score
0.0004EPSS
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring (ITM) portal server. have been remediated. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM...
7.5CVSS
8.5AI Score
0.001EPSS
[SECURITY] [DLA 3815-1] firefox-esr security update
Debian LTS Advisory DLA-3815-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 16, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.11.0esr-1~deb10u1 CVE...
8.5AI Score
0.0004EPSS
7.5CVSS
6.9AI Score
0.009EPSS
gstreamer1-plugins-good security update
[1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves:...
7.6CVSS
7.2AI Score
0.0005EPSS
Clone Job Fails Due to Security Context Constraints (SCC) Issue
Cloned-restore jobs time out and eventually fail because an application's security context provides permissions in the original application...
7.2AI Score
APSB24-43 : Security update available for Adobe Substance 3D Stager
Adobe has released an update for Adobe Substance 3D Stager. This update addresses a critical vulnerability in Adobe Substance 3D Stager. Successful exploitation could lead to arbitrary code execution in the context of the current...
7.8CVSS
7.8AI Score
0.001EPSS
Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
8.8CVSS
6.9AI Score
0.0005EPSS
Important: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...
7.8CVSS
6.7AI Score
0.0005EPSS
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Db2 Database Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
6.8AI Score
7.4AI Score
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...
8.3CVSS
8.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: libarchive-3.7.2-4.fc40
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP...
7.8CVSS
7.8AI Score
0.001EPSS
[SECURITY] [DLA 3813-1] shim security update
Debian LTS Advisory DLA-3813-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 13, 2024 https://wiki.debian.org/LTS Package : shim Version : 15.8-1~deb10u1 CVE ID :...
8.3CVSS
7.1AI Score
0.025EPSS
Updated qtnetworkauth5 & qtnetworkauth6 packages fix security vulnerability
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable...
7.2AI Score
0.0004EPSS
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install...
6.6AI Score