[SECURITY] Fedora 40 Update: chromium-126.0.6478.55-1.fc40
Chromium is an open-source web browser, powered by WebKit...
8.8CVSS
7.5AI Score
0.001EPSS
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.8AI Score
0.005EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2CVSS
6.8AI Score
0.0005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...
6.8AI Score
0.0004EPSS
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
7.5CVSS
7.2AI Score
0.732EPSS
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...
8.6CVSS
6.9AI Score
0.002EPSS
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
6.1CVSS
6.3AI Score
0.001EPSS
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...
8.1CVSS
6.3AI Score
0.001EPSS
Moderate: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): qt: incorrect integer overflow check (CVE-2023-51714) qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more...
9.8CVSS
7.2AI Score
0.001EPSS
Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2023-52425] Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
7.5CVSS
6.9AI Score
0.001EPSS
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....
6.3CVSS
6.3AI Score
0.0005EPSS
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
7.5CVSS
7.8AI Score
0.732EPSS
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.8CVSS
7.1AI Score
0.001EPSS
Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
6.7AI Score
0.0004EPSS
Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more...
7.5CVSS
6.4AI Score
0.001EPSS
Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484) For more details about the security issue(s), including the impact, a CVSS score,...
8.1CVSS
6.6AI Score
0.004EPSS
gvisor-tap-vsock security and bug fix update
[6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves:...
7.4AI Score
0.0004EPSS
APSB24-27 : Security update available for Adobe Photoshop
Adobe has released an update for Photoshop for Windows and macOS. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code...
7.8CVSS
7.8AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0768
Updates of ['libndp'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
9.8CVSS
7.3AI Score
0.973EPSS
5.8CVSS
6.3AI Score
0.0004EPSS
Updated plasma-workspace packages fix security vulnerability
KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code.....
7.5AI Score
EPSS
Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...
6.9AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: php-8.2.20-1.fc39
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
9.8CVSS
7.3AI Score
0.973EPSS
[SECURITY] Fedora 39 Update: tomcat-9.0.89-1.fc39
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and...
6.7AI Score
0.0004EPSS
Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...
9.8CVSS
10AI Score
0.004EPSS
Updated unbound packages fix security vulnerability
Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a...
6.7AI Score
0.0004EPSS
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the...
6.8AI Score
Typo3 Security Misconfiguration in Frontend Session Handling
It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session...
6.9AI Score
Typo3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this...
7.2AI Score
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...
7.7AI Score
0.0004EPSS
xorg-x11-server security update
[1.20.14-23] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on...
7.8CVSS
6.7AI Score
0.0005EPSS
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...
9.7AI Score
0.0004EPSS
idm:DL1 and idm:client security update
bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for...
6.8CVSS
6.7AI Score
0.0004EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.8CVSS
6.7AI Score
0.0004EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.8CVSS
6.8AI Score
0.0004EPSS
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.9AI Score
0.005EPSS
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....
6.3CVSS
6.3AI Score
0.0005EPSS
Moderate: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix(es): python-pillow: uncontrolled resource consumption when textlength in an ImageDraw...
7.5CVSS
6.5AI Score
0.001EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory Traversal...
8.1CVSS
6.8AI Score
0.009EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7.8CVSS
6.5AI Score
0.001EPSS
Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...
6.8AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...
5.9CVSS
7.2AI Score
0.0004EPSS
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
5.8CVSS
6.7AI Score
0.0004EPSS
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Improper Neutralization of HTTP Headers in...
4.3CVSS
6.8AI Score
0.0004EPSS
LaunchAnyWhere bellow Android T even on latest Android security patch
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.1AI Score
EPSS
[SECURITY] Fedora 40 Update: libvirt-10.1.0-2.fc40
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization...
6.2CVSS
6.8AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: efifs-1.9-6.fc40
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0 read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs, exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including the compression support), ISO9660, JFS (Journaled FileSystem),...
6CVSS
6AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: efifs-1.9-6.fc39
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0 read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs, exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including the compression support), ISO9660, JFS (Journaled FileSystem),...
6CVSS
6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: strongswan-5.9.14-1.fc40
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux...
9.8CVSS
6.9AI Score
0.004EPSS