gvisor-tap-vsock security and bug fix update
An update is available for gvisor-tap-vsock. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A replacement for libslirp and VPNKit, written in pure Go. It is...
AI Score 5.1 | EPSS 0.0004
ruby:3.1 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
AI Score 6
Important Photon OS Security Update - PHSA-2024-4.0-0640
Updates of ['libxml2', 'linux', 'linux-aws'] packages of Photon OS have been...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
[SECURITY] [DLA 3817-1] thunderbird security update
Debian LTS Advisory DLA-3817-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.11.0-1~deb10u1 CVE...
AI Score 7.4 | EPSS 0.0004
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
CVSS 9.8 | AI Score 6.8 | EPSS 0.001
Important Photon OS Security Update - PHSA-2024-5.0-0300
Updates of ['libndp'] packages of Photon OS have been...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
gvisor-tap-vsock security and bug fix update
[6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves:...
AI Score 7.4 | EPSS 0.0004
Updated wireshark packages fix security vulnerabilities
Memory handling issue in editcap could cause denial of service via crafted capture file. (CVE-2024-4853) MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file....
CVSS 6.4 | AI Score 7 | EPSS 0.0004
Updated libreoffice packages fix security vulnerability
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted....
AI Score 6.4 | EPSS 0.0004
Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
AI Score 7 | EPSS 0.0004
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related...
CVSS 6.3 | AI Score 6.3 | EPSS 0.001
A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This...
CVSS 5.5 | AI Score 5.4 | EPSS 0.0004
Zendframework potential security issue in login mechanism
Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to log in using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID Identity (MyOpenID, Google, ...
AI Score 7.2
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM.....
CVSS 9.1 | AI Score 9.4 | EPSS 0.732
Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
AI Score 6.9 | EPSS 0.0004
Erroneous authentication pass in Spring Security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null...
CVSS 8.2 | AI Score 8.3 | EPSS 0.0004
[SECURITY] Fedora 39 Update: python-authlib-1.3.1-1.fc39
Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are...
CVSS 7.5 | AI Score 7 | EPSS 0.001
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order....
AI Score 7.3
Important Photon OS Security Update - PHSA-2024-3.0-0769
Updates of ['linux-esx', 'linux-rt', 'linux', 'linux-aws'] packages of Photon OS have been...
CVSS 9.8 | AI Score 10 | EPSS 0.001
[2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves:...
CVSS 6.5 | AI Score 7 | EPSS 0.001
[4.0.9-31] - Fix CVE-2022-3599 CVE-2022-4645 - Resolves: RHEL-5399 [4.0.9-30] - Bump specfile to retrigger gating - Add tests folder for standard beakerlib - Related: RHEL-4683 RHEL-4685 RHEL-4686 RHEL-4687...
CVSS 6.8 | AI Score 6.9 | EPSS 0.0004
[3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm:...
CVSS 5.5 | AI Score 6.9 | EPSS 0.0004
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
CVSS 9.8 | AI Score 6.8 | EPSS 0.005
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
CVSS 8.2 | AI Score 6.8 | EPSS 0.0005
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...
AI Score 6.8 | EPSS 0.0004
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
CVSS 7.5 | AI Score 7.2 | EPSS 0.732
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...
CVSS 8.6 | AI Score 6.9 | EPSS 0.002
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...
CVSS 8.1 | AI Score 6.3 | EPSS 0.001
Moderate: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): qt: incorrect integer overflow check (CVE-2023-51714) qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more...
CVSS 9.8 | AI Score 7.2 | EPSS 0.001
ZendOpenID potential security issue in login mechanism
Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to log in using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID Identity (MyOpenID, Google, ...
AI Score 7.2
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
AI Score 6.5
Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...
CVSS 8.1 | AI Score 6.6 | EPSS 0.004
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Improper Neutralization of HTTP Headers in...
CVSS 4.3 | AI Score 6.8 | EPSS 0.0004
LaunchAnyWhere below Android T even on latest Android security patch
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score 7.1
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if...
AI Score 6.5 | EPSS 0.0004
[1:16.20.2-8.0.1] - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982,...
CVSS 5.3 | AI Score 7.3 | EPSS 0.0004
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001
[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVSS 9.8 | AI Score 7.3 | EPSS 0.973
Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
AI Score 6.9 | EPSS 0.0004
[SECURITY] Fedora 40 Update: python-PyMySQL-1.1.1-1.fc40
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and...
AI Score 6.4 | EPSS 0.0004
Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
AI Score 6.9 | EPSS 0.0004
CVSS 7.8 | AI Score 6.9 | EPSS 0.001
[1.6.8-8] - Backport fix for Xlib lockups due to recursive XError (RHEL-23452) [1.6.8-7] - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() - Fix CVE-2023-43787: integer overflow in XCreateImage()...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
[2.3.4-20] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted...
CVSS 5.5 | AI Score 6.7 | EPSS 0.0004
[1.7.5-4] - Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive...
CVSS 7.5 | AI Score 7.1 | EPSS 0.002
[0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 [0.10.18-1] - Rebased to the latest sources (see CHANGELOG.md) Resolves: RHEL-7741 [0.10.17-6] -...
CVSS 5.8 | AI Score 6.9 | EPSS 0.0004
[3:2.1.0-8] - add gating.yaml [3:2.1.0-7] - fix improper command line parsing...
CVSS 5.5 | AI Score 7.1 | EPSS 0.0004
[7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves:....
CVSS 7.5 | AI Score 7.2 | EPSS 0.005