FFRI Security, Inc. Security Vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details ** CVEID: CVE-2023-41419 DESCRIPTION: **Gevent could allow a remote attacker to...
9.9CVSS
10AI Score
0.97EPSS
Summary IBM WebSphere Application Server, which is shipped with IBM Security Access Manager for Enterprise Single Sign-On, is vulnerable to a denial of service. Apply updates as referenced in the Remediation/Fixes section below. Vulnerability Details Refer to the security bulletin(s) listed in...
5.9CVSS
5.7AI Score
0.0004EPSS
inc-conso.fr Cross Site Scripting vulnerability OBB-3872425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...
10CVSS
10AI Score
0.05EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.16, or 2.x prior to 2.346.4.1. It is, therefore, affected by multiple vulnerabilities, including the following: Loading specially-crafted yaml with the Kubernetes Java...
6.7CVSS
6.6AI Score
0.001EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following: A cross-site request...
8.8CVSS
6.3AI Score
0.001EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.14, or 2.x prior to 2.332.4.1 or 2.346.1.4. It is, therefore, affected by multiple vulnerabilities, including the following: Jenkins Pipeline: Input Step Plugin...
9.1CVSS
6.6AI Score
0.002EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: Jenkins Pipeline: Shared Groovy Libraries Plugin...
8.8CVSS
6.2AI Score
0.001EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.7, 2.303.x prior to 2.303.30.0.6, or 2.x prior to 2.319.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: Jenkins Pipeline: Groovy...
8.8CVSS
7.6AI Score
0.001EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following: Jenkins Docker Commons Plugin 1.17 and earlier does not...
8.8CVSS
6.5AI Score
0.002EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.4, or 2.x prior to 2.319.2.9. It is, therefore, affected by a remote code execution vulnerability in the Kubernetes Client API. An authenticated, local attacker can...
6.7CVSS
7.1AI Score
0.0005EPSS
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...
5.3CVSS
7AI Score
0.0005EPSS
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:...
7.4CVSS
7AI Score
0.0004EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: CVE-2022-38751 on snakeyaml (fixed train 2.346.x.0.z)...
9.8CVSS
8.2AI Score
0.215EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.13, or 2.x prior to 2.332.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: Jenkins Rundeck Plugin 3.6.10 and earlier does not...
8.8CVSS
7.3AI Score
0.002EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.3, or 2.x prior to 2.319.1.5. It is, therefore, affected by a multiple vulnerabilities, including the following: When reading a specially crafted TAR archive, Compress...
7.5CVSS
7.8AI Score
0.014EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.15, or 2.x prior to 2.346.2.3. It is, therefore, affected by multiple vulnerabilities, including the following: A cross-site request forgery (CSRF) vulnerability in...
8.8CVSS
6.5AI Score
0.012EPSS
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.6, 2.303.x prior to 2.303.30.0.5, or 2.x prior to 2.319.3.3. It is, therefore, affected by multiple vulnerabilities: XStream is an open source java library to serialize...
7.5CVSS
7.7AI Score
0.012EPSS
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....
Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a.....
7.3AI Score
0.0004EPSS
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this...
7.1CVSS
6.8AI Score
0.001EPSS
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...
5.9CVSS
5.7AI Score
0.008EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-2586-LPE LPE N-day Exploit for...
7.8CVSS
7.2AI Score
0.0004EPSS
Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details ** CVEID: CVE-2022-32753 DESCRIPTION: **IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...
7.5CVSS
6.3AI Score
0.001EPSS
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...
7.2CVSS
5.3AI Score
0.001EPSS
Summary IBM QRadar SIEM on Azure Cloud deployed from Azure Marketplace is vulnerable to a remote code execution issue found within the Microsoft Open Management Infrastructure (OMI). The information below shows how to remove this vulnerable component. Vulnerability Details ** CVEID:...
9.8CVSS
8AI Score
0.001EPSS
Jenkins Script Security Plugin sandbox bypass vulnerability
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call...
7.8AI Score
0.0004EPSS
CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...
9.8CVSS
10AI Score
0.002EPSS
An issue was discovered in the LDAP component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:.....
9.8CVSS
7.5AI Score
0.006EPSS
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details ** CVEID: CVE-2024-28102 DESCRIPTION: **JWCrypto is...
8.1CVSS
8.3AI Score
0.01EPSS
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call...
7.8AI Score
0.0004EPSS
Symphony Denial of Service Via Overlong Usernames
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers....
7.5CVSS
6.7AI Score
0.01EPSS
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target...
6.1CVSS
6.5AI Score
0.006EPSS
Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
6.9AI Score
0.0004EPSS
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been...
7.5CVSS
7.8AI Score
0.001EPSS
6.7AI Score
0.0004EPSS
7.8CVSS
8.8AI Score
EPSS
New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-29.4-i586-1_slack15.0.txz: Upgraded. Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability: ...
7.6AI Score
A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This...
5.5CVSS
5.3AI Score
0.0004EPSS
Symfony Denial of Service Via Long Password Hashing
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a.....
6.9AI Score
0.002EPSS
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.The vulnerability requires an...
6.5CVSS
6.3AI Score
0.0004EPSS
5.3CVSS
7.2AI Score
0.001EPSS
6.5AI Score
0.0004EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.7CVSS
9.7AI Score
0.008EPSS
[3.11.7-1.1] - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves:...
7.8CVSS
7.8AI Score
0.0004EPSS
[3.11.9-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.9-1] - Rebase to 3.11.9 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix expat tests for the latest expat security release Resolves: RHEL-33672,...
7.8CVSS
7.1AI Score
0.0005EPSS
8.8CVSS
6.8AI Score
0.001EPSS
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: ...
9.8CVSS
9AI Score
0.001EPSS
7.2AI Score
0.0004EPSS
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target...
6.1CVSS
6.5AI Score
0.006EPSS