Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20919) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
6.9 AI Score
0.0005 EPSS
Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...
7.9 AI Score
0.0004 EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20926) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
7.1 AI Score
0.001 EPSS
[SECURITY] [DSA 5682-1] glib2.0 security update
Debian Security Advisory DSA-5682-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2024 https://www.debian.org/security/faq Package : glib2.0 CVE ID : CVE-2024-34397 Alicia Boya Garcia...
6.5 AI Score
0.0004 EPSS
[SECURITY] [DLA 3806-1] distro-info-data database update
Debian LTS Advisory DLA-3806-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Stefano Rivera May 01, 2024 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.41+deb10u9 This is a...
6.8 AI Score
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
9.6 AI Score
0.005 EPSS
atl_token parameter visible from the URL
h3. Issue Summary
This is reproducible on Data Center: yes
h3. Steps to Reproduce
# Log in to Bamboo
# Create plans and generate a report
# The application sends a token through the URL itself.
h3. Expected Results
The application should not send the atl_token parameter in the URL.
h3. Actual Results
The application...
6.9 AI Score
(RHSA-2024:2071) Moderate: OpenShift Container Platform 4.15.11 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.11. See the following advisory for the container...
7.4 AI Score
0.0004 EPSS
Summary A potential Pillow arbitrary code execution vulnerability has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **CVEID:** CVE-2023-50447 ...
8.4 AI Score
0.001 EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
9.9 AI Score
0.056 EPSS
[SECURITY] [DLA 3809-1] libkf5ksieve security update
Debian LTS Advisory DLA-3809-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk May 05, 2024 https://wiki.debian.org/LTS Package : libkf5ksieve Version : 4:18.08.3-2+deb10u1 CVE...
6.7 AI Score
0.0004 EPSS
[SECURITY] [DLA 3818-1] apache2 security update
Debian LTS Advisory DLA-3818-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...
5.3 CVSS
7.9 AI Score
Exploit for Deserialization of Untrusted Data in Atlassian Bitbucket Data Center
CVE-2022-26133 Description: Atlassian Bitbucket Data Center...
1.3 AI Score
0.007 EPSS
cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322,...
7.4 AI Score
0.0005 EPSS
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS versions? (It seems to be fixed in 9.7.0, as this ticket seems to indicate: https://jira.atlassian.com/browse/JRASERVER-74647.) In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards, CWATCH...
7.6 AI Score
0.003 EPSS
Deserialization Of Untrusted Data
org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest from a JSONObject and then calling org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...
7.6 AI Score
0.001 EPSS
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource...
4.6 AI Score
0.001 EPSS
Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento...
6.9 AI Score
Deserialization Of Untrusted Data
symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...
7.4 AI Score
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability in the {{widgetconnector}} plugin. When running in an environment like Amazon EC2, this flaw may be used to...
4.5 AI Score
0.001 EPSS
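The two Atlassian SSRF entries above (Webhooks, CVE-2020-14170; widgetConnector, CVE-2021-26072) both come down to the server fetching an attacker-chosen URL, with the cloud metadata service at 169.254.169.254 as the obvious target. The following is an added example, not Atlassian's code or fix, of the validation a webhook or connector feature should apply before fetching: scheme allow-list, no embedded credentials, every resolved address must be a public unicast address, and metadata hostnames rejected by name. The policy itself, the METADATA_HOSTS set and the FAKE_DNS table are assumptions made for the demonstration.

```python
"""Webhook target validation against SSRF (added example, not Atlassian code).

Policy assumed here: only http/https, no userinfo, every A/AAAA answer must
be a globally routable unicast address, cloud metadata hosts blocked by name.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Cloud metadata endpoints. They already sit in link-local / ULA space, but
# naming them keeps the intent obvious to the next reader.
METADATA_HOSTS = {
    "169.254.169.254",           # AWS, Azure, GCP IMDS over IPv4
    "fd00:ec2::254",             # AWS IMDS over IPv6
    "metadata.google.internal",  # GCP hostname alias
}


def is_public_address(addr) -> bool:
    """True only for globally routable unicast addresses. ipaddress.is_global
    already excludes RFC 1918, loopback, link-local (169.254/16), CGNAT, ULA,
    the TEST-NETs and reserved space; multicast is not excluded, so it is
    checked separately."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return addr.is_global and not addr.is_multicast


def resolve_all(host: str):
    """Every A/AAAA answer for host, or an empty list if it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # strip a possible %scope suffix on link-local IPv6 answers
    return sorted({ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}, key=str)


def check_webhook_url(url: str, resolver=resolve_all):
    """Return (allowed, reason). Every resolved address must be public:
    one private answer among several is enough to reject."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    host = host.rstrip(".").lower()
    if host in METADATA_HOSTS:
        return False, "cloud metadata endpoint"
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal, no DNS needed
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"resolves to non-public address {addr}"
    return True, "ok"


# Constructed DNS table so the example runs offline; these are not real records.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.corp.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


if __name__ == "__main__":
    for u in ("https://hooks.example.com/notify",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://internal.corp.example/",
              "http://mixed.example/",
              "http://user:pw@hooks.example.com/"):
        print(u, check_webhook_url(u, fake_resolver))
```

Validating the name and then letting the HTTP client resolve it a second time leaves a DNS rebinding window, so in production connect to the address that passed the check (or run the check inside the client's resolver hook), and re-run it on every redirect hop or disable redirects entirely. The blind variant in the widgetConnector case gives the attacker no response body, but the same outbound check closes it.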
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
6.8 AI Score
0.0004 EPSS
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: ...
5.3 CVSS
5.9 AI Score
0.006 EPSS
Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details **CVEID:** CVE-2017-15718 **DESCRIPTION:** Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN...
10 AI Score
0.09 EPSS
Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details **CVEID:** CVE-2021-43045 **DESCRIPTION:** Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...
6.5 AI Score
0.001 EPSS
Bypass of device carrier restrictions (OS Version = android 12)
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.1 AI Score
0.0004 EPSS
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details **CVEID:** CVE-2015-1772 **DESCRIPTION:** Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error...
10 AI Score
0.802 EPSS
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details **CVEID:** CVE-2021-28170 **DESCRIPTION:** Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused...
10 AI Score
0.027 EPSS
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details **CVEID:** CVE-2023-41080 **DESCRIPTION:** Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
10 AI Score
0.033 EPSS
(RHSA-2024:1899) Important: OpenShift Container Platform 4.12.56 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.56. See the following advisory for the container...
7.4 AI Score
0.0004 EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress, caused by an out of memory error [CVE-2024-26308]. Apache Commons Compress is used as part of our Speech runtimes. This vulnerability has been addressed. Please...
5.8 AI Score
0.001 EPSS
(RHSA-2024:2049) Important: OpenShift Container Platform 4.13.41 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.41. See the following advisory for the container...
7.4 AI Score
0.0005 EPSS
Deserialization Of Untrusted Data
joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array() function within numpy_pickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted...
7.6 AI Score
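The joblib entry above is the general pickle problem: pickle.load resolves and calls whatever globals the byte stream names, so loading an untrusted pickle file is executing it. The block below is an added example, not joblib's or numpy's code, showing a pickle that runs a function on load and an Unpickler whose find_class only resolves an allow-list. The Payload class, the SAFE_GLOBALS set and the inputs are constructed for the demonstration.

```python
"""Deserialization of untrusted data via pickle, and an allow-listing loader.

Added example, not joblib's or numpy's code. Payload stands in for an
attacker's object and SAFE_GLOBALS is an assumed allow-list for the demo.
"""
import collections
import io
import os
import pickle


class Payload:
    """Pickling this object records a call to os.getcwd; unpickling performs
    the call. Swap in os.system or subprocess.Popen and the same pickle runs
    attacker commands on load."""

    def __reduce__(self):
        return (os.getcwd, ())


MALICIOUS_PICKLE = pickle.dumps(Payload())  # constructed attacker input

# Globals an untrusted pickle is permitted to reference. None of these can
# execute code when constructed.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allow-listed globals; this is the hook
    the pickle documentation recommends for untrusted input."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unsafe_load(data: bytes):
    """What a plain pickle.load on a joblib/numpy file does by default."""
    return pickle.loads(data)


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_safe_load(data: bytes):
    """('ok', obj) or ('rejected', reason), so callers never see an exception."""
    try:
        return ("ok", safe_load(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def demo():
    """Run both loaders over the constructed inputs and return the outcomes."""
    return {
        "unsafe_ran_getcwd": unsafe_load(MALICIOUS_PICKLE) == os.getcwd(),
        "safe_on_malicious": try_safe_load(MALICIOUS_PICKLE),
        "safe_on_plain_dict": try_safe_load(pickle.dumps({"w": [1.0, 2.0]})),
        "safe_on_ordered_dict": try_safe_load(pickle.dumps(collections.OrderedDict(a=1))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

For plain arrays, numpy.load(path, allow_pickle=False) refuses object arrays outright and is the safer path; joblib has no equivalent switch, so a joblib file should only be loaded from a source you would also run code from, ideally after checking a signature or known hash. Keep the allow-list minimal: every permitted callable is a gadget the next attacker can try to chain.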
Deserialization Of Untrusted Data
illuminate/cookie is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure cookie encryption and serialization logic, which allows attackers to potentially decrypt or manipulate cookie data, resulting in arbitrary code...
7.5 AI Score
(RHSA-2024:1892) Important: OpenShift Container Platform 4.15.10 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.10. See the following advisory for the container...
4.2 AI Score
0.0004 EPSS
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 7.21.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server....
6.9 AI Score
0.0005 EPSS
Issue Overview: 2024-05-09: CVE-2020-20703 was added to this advisory. Buffer overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter (CVE-2020-20703). vim is vulnerable to heap-based buffer overflow (CVE-2021-3903). A flaw was found in...
8.4 AI Score
0.003 EPSS
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Upgrade Tomcat to fix CVE-2023-46589
h3. Issue Summary
Apache Tomcat should be upgraded to 8.5.96 or later, or 9.0.83 or later, to fix [CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589]. Jira 9.0.x to 9.12 currently comes bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently comes bundled...
7 AI Score
0.005 EPSS
Exploit for Vulnerability in Atlassian Confluence Data Center
Red team tool: Confluence unauthenticated administrator account creation (CVE-2023-22515) exploit tool. Affected versions...
9.9 AI Score
0.972 EPSS
Exploit for Injection in Atlassian Confluence Data Center
CVE-2023-22527-Godzilla-MEMSHELL Usage **ps:...
9.9 AI Score
0.975 EPSS
Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service (CVE-2023-52425, CVE-2023-52426) or launch further attacks on the system (CVE-2023-6597). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID:...
7.7 AI Score
0.001 EPSS
Exploit for Deserialization of Untrusted Data in Microsoft
nse-exchange Nmap NSE scripts to check against exchange...
8.3 AI Score
Deserialization Of Untrusted Data
Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...
7 AI Score
0.003 EPSS
Exploit for Vulnerability in Atlassian Confluence Data Center
CVE-2023-22515 Exploit Script 🔐 This script is designed to...
9.8 AI Score
0.972 EPSS
Exploit for Injection in Atlassian Confluence Data Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
9.8 AI Score
0.975 EPSS
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze...
6.9 AI Score
0.0004 EPSS
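The fix described in the Go JOSE entry above is a cap applied during inflation: fail if the decompressed output would exceed 250 kB or 10x the compressed size, whichever is larger. The block below is an added example, not go-jose's code, implementing that rule for a JWE "zip":"DEF" (raw DEFLATE) payload with zlib's streaming max_length, so a decompression bomb is abandoned after the first oversized chunk instead of being expanded in full. The sample payload and the bomb are constructed inline.

```python
"""Bounded DEFLATE inflation for JWE 'zip':'DEF' payloads.

Added example, not go-jose's code. The limit rule (250 kB or 10x compressed,
whichever is larger) is the one quoted in the advisory; the inputs below are
constructed for the demonstration.
"""
import zlib

FLOOR_BYTES = 250_000


def decompression_limit(compressed_len: int) -> int:
    """max(250 kB, 10 x compressed size), as described in the advisory."""
    return max(FLOOR_BYTES, 10 * compressed_len)


def deflate_raw(data: bytes) -> bytes:
    """Raw DEFLATE (RFC 1951, no zlib header), which is what JWE uses."""
    comp = zlib.compressobj(level=9, wbits=-15)
    return comp.compress(data) + comp.flush()


def inflate_bounded(compressed: bytes, limit: int = None) -> bytes:
    """Inflate, aborting as soon as the output would pass `limit`."""
    if limit is None:
        limit = decompression_limit(len(compressed))
    dec = zlib.decompressobj(wbits=-15)
    out = bytearray()
    data = compressed
    while True:
        # Ask for at most one byte beyond the limit: if we get it, the
        # stream is oversized and we stop without expanding the rest.
        chunk = dec.decompress(data, limit - len(out) + 1)
        out += chunk
        if len(out) > limit:
            raise ValueError(f"decompressed size exceeds {limit} bytes")
        if dec.eof:
            break
        data = dec.unconsumed_tail
        if not data and not chunk:
            raise ValueError("truncated DEFLATE stream")
    return bytes(out)


def try_inflate(compressed: bytes):
    """('ok', plaintext_len) or ('rejected', reason)."""
    try:
        return ("ok", len(inflate_bounded(compressed)))
    except (ValueError, zlib.error) as exc:
        return ("rejected", str(exc))


# Constructed inputs: a plausible claims payload and a zero-filled bomb.
SAMPLE_PAYLOAD = b'{"iss":"https://issuer.example","sub":"alice","scope":"read"}' * 50
BOMB = deflate_raw(b"\x00" * 8_000_000)  # a few kB compressed, 8 MB inflated

if __name__ == "__main__":
    print("payload:", try_inflate(deflate_raw(SAMPLE_PAYLOAD)))
    print("bomb   :", len(BOMB), "bytes compressed ->", try_inflate(BOMB))
```

The check has to run while inflating: calling zlib.decompress and measuring the result afterwards has already paid the memory and CPU cost the advisory describes. The same bound belongs in front of any other compressed untrusted input, such as HTTP request bodies, archive members and gzip-wrapped protobuf blobs.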
Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: glib2.0 - GLib library of C routines. Details: Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety...
7 AI Score
0.0004 EPSS