Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
AI Score: 6.9 | EPSS: 0.0004
tomcat security and bug fix update
[1:9.0.87-1.el8_10.1] - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) -...
AI Score: 6.8 | EPSS: 0.0004
Important Photon OS Security Update - PHSA-2024-5.0-0301
Updates of ['libarchive', 'openssl'] packages of Photon OS have been...
CVSS: 9.8 | AI Score: 10 | EPSS: n/a
Important Photon OS Security Update - PHSA-2024-4.0-0636
Updates of ['nodejs', 'libndp'] packages of Photon OS have been...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001
Flow Bugfix Releases for Entity Security
If you had used entity security and wanted to secure entities not just based on the user's role but on some property of the user (such as the company they belong to), entity security did not work properly together with the Doctrine query cache. This could lead to other users re-using SQL queries from...
AI Score: 7.8
Chrome Releases reports: This update includes 1 security fix: [341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on...
CVSS: 8.8 | AI Score: 7.1 | EPSS: 0.003
[3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...
CVSS: 7.5 | AI Score: 6.9 | EPSS: 0.001
[2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves:...
CVSS: 8.1 | AI Score: 6.9 | EPSS: 0.001
[0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0 branch Resolves: RHEL-24429 [0.13.68-11] - Use /usr/libexec/platform-python macro during the config phase (used for doc generation) Resolves:...
CVSS: 5.5 | AI Score: 7 | EPSS: 0.0004
[21.01.0-11] - Fix crashes in FoFiType1C - Rebuild for inclusion of poppler-glib-doc in CRB - Resolves: RHEL-4255, RHEL-4273 [21.01.0-10] - Check XRef's Catalog for being a Dict - Resolves: #2189816 [20.11.0-9] - Check isDict before calling getDict 2 - Resolves: #2189837 [20.11.0-8] - Check isDict...
CVSS: 5.5 | AI Score: 7.5 | EPSS: 0.001
[3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...
CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.001
[0.9.6-14] - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...
CVSS: 5.3 | AI Score: 8 | EPSS: 0.001
[9.27-12] - fix to prevent division by zero in devices - Resolves:...
CVSS: 5.5 | AI Score: 6.8 | EPSS: 0.001
Weaver E-Office 9.5 - Remote Code Execution
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVSS: 9.8 | AI Score: 7.8 | EPSS: 0.106
Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...
AI Score: 6.9 | EPSS: 0.0004
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...
CVSS: 8.8 | AI Score: 6.3 | EPSS: n/a
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...
CVSS: 8.8 | AI Score: 6.7 | EPSS: n/a
Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
AI Score: 6.9 | EPSS: 0.0004
[239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376] - 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376] - 1B) Add required...
CVSS: 5.9 | AI Score: 6.8 | EPSS: 0.001
[0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 [0.10.18-1] - Rebased to the latest sources (see CHANGELOG.md) Resolves: RHEL-7741 [0.10.17-6] -...
CVSS: 5.8 | AI Score: 6.9 | EPSS: 0.0004
[1.7.5-4] - Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.002
[1.6.8-8] - Backport fix for Xlib lockups due to recursive XError (RHEL-23452) [1.6.8-7] - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() - Fix CVE-2023-43787: integer overflow in XCreateImage()...
CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0004
[2.3.4-20] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted...
CVSS: 5.5 | AI Score: 6.7 | EPSS: 0.0004
[3:2.1.0-8] - add gating.yaml [3:2.1.0-7] - fix improper command line parsing...
CVSS: 5.5 | AI Score: 7.1 | EPSS: 0.0004
[7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves:...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.005
K000139859: Envoy vulnerability CVE-2024-30255
Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an...
CVSS: 5.3 | AI Score: 6.7 | EPSS: 0.0004
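The CONTINUATION flood works because a HEADERS frame without END_HEADERS obliges the peer to keep accumulating CONTINUATION frames on that stream until END_HEADERS arrives. The walker below is an added example, not Envoy code: it decodes the RFC 9113 frame header and aborts a header block once either a byte budget or a frame-count budget is exceeded. The two limits (MAX_HEADER_BLOCK_BYTES, MAX_CONTINUATION_FRAMES), the verdict codes and the frame streams built by the demo_* functions are all assumptions constructed for the demonstration.

```c
/* Added example (not Envoy's code): bound the header block accumulated
 * across HEADERS + CONTINUATION frames before END_HEADERS is seen.
 * Frame layout per RFC 9113 section 4.1: 24-bit length, 8-bit type,
 * 8-bit flags, 1 reserved bit + 31-bit stream identifier, then payload. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define H2_FRAME_HEADER_LEN   9
#define H2_TYPE_HEADERS       0x1
#define H2_TYPE_CONTINUATION  0x9
#define H2_FLAG_END_HEADERS   0x4

/* Policy knobs (assumed values for the demo; real proxies expose similar ones). */
#define MAX_HEADER_BLOCK_BYTES   4096  /* total payload across one header block   */
#define MAX_CONTINUATION_FRAMES  8     /* CONTINUATION frames tolerated per block */

enum h2_verdict {
    H2_OK = 0, H2_TRUNCATED = -1, H2_BLOCK_TOO_LARGE = -2,
    H2_TOO_MANY_CONTINUATIONS = -3, H2_PROTOCOL_ERROR = -4
};

/* Walk a byte stream of frames; H2_OK only if every header block
 * completed within the limits. Payload contents are never inspected. */
int h2_check_header_blocks(const uint8_t *buf, size_t len)
{
    size_t off = 0, block_bytes = 0;
    int in_block = 0;            /* between HEADERS and END_HEADERS */
    uint32_t block_stream = 0;
    unsigned cont_frames = 0;

    while (off + H2_FRAME_HEADER_LEN <= len) {
        uint32_t plen  = ((uint32_t)buf[off] << 16) | ((uint32_t)buf[off + 1] << 8) | buf[off + 2];
        uint8_t  type  = buf[off + 3];
        uint8_t  flags = buf[off + 4];
        uint32_t sid   = ((uint32_t)(buf[off + 5] & 0x7f) << 24) | ((uint32_t)buf[off + 6] << 16)
                       | ((uint32_t)buf[off + 7] << 8) | buf[off + 8];
        off += H2_FRAME_HEADER_LEN;
        if (plen > len - off) return H2_TRUNCATED;
        off += plen;

        if (in_block) {
            /* RFC 9113 6.10: only CONTINUATION on the same stream may follow. */
            if (type != H2_TYPE_CONTINUATION || sid != block_stream) return H2_PROTOCOL_ERROR;
            if (++cont_frames > MAX_CONTINUATION_FRAMES) return H2_TOO_MANY_CONTINUATIONS;
        } else if (type == H2_TYPE_HEADERS) {
            in_block = 1; block_stream = sid; block_bytes = 0; cont_frames = 0;
        } else {
            continue;            /* other frame types outside a block are not our concern */
        }
        block_bytes += plen;
        if (block_bytes > MAX_HEADER_BLOCK_BYTES) return H2_BLOCK_TOO_LARGE;
        if (flags & H2_FLAG_END_HEADERS) in_block = 0;
    }
    if (off != len || in_block) return H2_TRUNCATED;
    return H2_OK;
}

/* Append one frame with a zero-filled payload of plen bytes; returns new offset. */
static size_t put_frame(uint8_t *out, size_t off, uint32_t plen, uint8_t type, uint8_t flags, uint32_t sid)
{
    out[off++] = (plen >> 16) & 0xff; out[off++] = (plen >> 8) & 0xff; out[off++] = plen & 0xff;
    out[off++] = type; out[off++] = flags;
    out[off++] = (sid >> 24) & 0x7f; out[off++] = (sid >> 16) & 0xff;
    out[off++] = (sid >> 8) & 0xff;  out[off++] = sid & 0xff;
    memset(out + off, 0, plen);
    return off + plen;
}

static uint8_t stream_buf[65536];   /* scratch for the constructed frame streams */

/* Constructed input: HEADERS then one CONTINUATION carrying END_HEADERS. */
int demo_benign(void)
{
    size_t n = put_frame(stream_buf, 0, 100, H2_TYPE_HEADERS, 0, 1);
    n = put_frame(stream_buf, n, 100, H2_TYPE_CONTINUATION, H2_FLAG_END_HEADERS, 1);
    return h2_check_header_blocks(stream_buf, n);
}

/* Constructed flood: many small CONTINUATION frames, END_HEADERS never sent. */
int demo_flood_count(void)
{
    size_t n = put_frame(stream_buf, 0, 100, H2_TYPE_HEADERS, 0, 1);
    for (int i = 0; i < 20; i++)
        n = put_frame(stream_buf, n, 100, H2_TYPE_CONTINUATION, 0, 1);
    return h2_check_header_blocks(stream_buf, n);
}

/* Constructed flood: few but large CONTINUATION frames, byte budget trips first. */
int demo_flood_size(void)
{
    size_t n = put_frame(stream_buf, 0, 2000, H2_TYPE_HEADERS, 0, 1);
    for (int i = 0; i < 3; i++)
        n = put_frame(stream_buf, n, 2000, H2_TYPE_CONTINUATION, 0, 1);
    return h2_check_header_blocks(stream_buf, n);
}

int main(void)
{
    printf("benign=%d count_flood=%d size_flood=%d\n",
           demo_benign(), demo_flood_count(), demo_flood_size());
    return 0;
}
```

The byte budget is the one that matters against a real flood: an attacker can keep each CONTINUATION frame tiny, so counting frames alone only bounds work per block, not per connection, and a production codec would additionally rate-limit or close the connection once the verdict is anything but H2_OK.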
K000138651: c-ares vulnerability CVE-2022-4904
Security Advisory Description A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and...
CVSS: 8.6 | AI Score: 6.9 | EPSS: 0.001
Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
AI Score: 7 | EPSS: 0.0004
[2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1] - Update to 2.42.3 Resolves: RHEL-3961 [2.42.2-1] - Update to 2.42.2 Resolves: RHEL-3961 [2.42.1-1] - Update to 2.42.1 Resolves: RHEL-3961 [2.42.0-1] -...
CVSS: 9.8 | AI Score: 7.4 | EPSS: 0.017
[1.3.1-33] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242 [1.3.1-32] - pam_access: handle hostnames in access.conf. Resolves: RHEL-3374 [1.3.1-31] - pam_faillock: create tallydir before creating tallyfile. Resolves:...
CVSS: 5.5 | AI Score: 6.6 | EPSS: 0.0004
gvisor-tap-vsock security and bug fix update
[6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves:...
AI Score: 7.4 | EPSS: 0.0004
containernetworking-plugins security and bug fix update
[1:1.4.0-3] - rebuild for CVE-2023-45290 - Resolves:...
AI Score: 7 | EPSS: 0.0004
[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
CVSS: 5.5 | AI Score: 5.9 | EPSS: 0.0004
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
CVSS: 9.8 | AI Score: 6.8 | EPSS: 0.001
[SECURITY] Fedora 39 Update: mariadb-10.5.25-1.fc39
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
CVSS: 4.9 | AI Score: 5.8 | EPSS: 0.0005
httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.37-63] - mod_xml2enc: fix media type handling Resolves: RHEL-14321 mod_http2 [1.15.7-10] -...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.01
[SECURITY] Fedora 39 Update: galera-26.4.18-1.fc39
Galera is a fast synchronous multimaster wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...
CVSS: 4.9 | AI Score: 5.5 | EPSS: 0.0005
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
CVSS: 5.9 | AI Score: 6.2 | EPSS: 0.0004
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details CVEID: CVE-2014-3643 DESCRIPTION: Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the Jersey SAX parser. By...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.794
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVSS: 5.8 | AI Score: 6.7 | EPSS: 0.0004
Intel 2024.1 IPU - BIOS March 2024 Security Updates
Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...
CVSS: 7.2 | AI Score: 7.8 | EPSS: 0.001
Mattermost Jira Plugin does not properly check security levels
The Mattermost Jira Plugin, when handling subscriptions, fails to check the security level of an incoming issue or to limit it based on the user who created the subscription. As a result, registered Jira users can create webhooks that give them access to all Jira...
CVSS: 4.1 | AI Score: 7.1 | EPSS: 0.0004
Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2023-52425] Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
CVSS: 7.5 | AI Score: 6.9 | EPSS: 0.001
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
AI Score: 6.5 | EPSS: n/a
[SECURITY] [DLA 3817-1] thunderbird security update
Debian LTS Advisory DLA-3817-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.11.0-1~deb10u1 CVE...
AI Score: 7.4 | EPSS: 0.0004