Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
7.5CVSS
7.8AI Score
0.0004EPSS
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....
8.1CVSS
8AI Score
0.0005EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9CVSS
8.1AI Score
0.975EPSS
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...
7AI Score
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...
9.8CVSS
9.7AI Score
0.015EPSS
Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...
7.5CVSS
8.1AI Score
0.0004EPSS
Denial of Service in dhowden/tag
dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...
6.5CVSS
6.4AI Score
0.001EPSS
Denial of Service in dhowden/tag
dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...
6.5CVSS
3.6AI Score
0.001EPSS
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...
6.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-24919......
8.6CVSS
6.3AI Score
0.945EPSS
Checkpoint POC Exploit for testing purposes to retrieve...
8.6CVSS
6.2AI Score
0.945EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7AI Score
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Impact What kind of vulnerability is it? Who is impacted? The Karmada components deployed with karmadactl, karma-operator, and helm chart take Golang default cipher suites as part of the TLS protocol, which includes the insecure algorithm. Referring to...
7.1AI Score
Minder affected by denial of service from maliciously configured Git repository in...
5.7CVSS
6.7AI Score
0.0004EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7AI Score
[4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute...
8.1CVSS
6.8AI Score
0.0005EPSS
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)
Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...
5.9CVSS
6.3AI Score
0.0004EPSS
9.8CVSS
10AI Score
0.975EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network...
9.2AI Score
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is...
6.7AI Score
0.0004EPSS
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA...
7.5CVSS
7.1AI Score
0.001EPSS
2 Weeks Out: Evolution at RSAC 2024
Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging...
7.3AI Score
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...
5.8CVSS
6.8AI Score
0.0004EPSS
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...
7.2AI Score
0.0004EPSS
Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI
Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes....
2.7CVSS
6.2AI Score
0.0004EPSS
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the.....
5.3CVSS
6.6AI Score
0.0004EPSS
CVE-2024-24919-POC A Simple tool to Automate CVE-2024-24919...
8.6CVSS
8.7AI Score
0.945EPSS
Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...
7.5CVSS
6.9AI Score
0.0005EPSS
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not...
6.8AI Score
0.0004EPSS
K000139628: Out-of-band Security Notification (May 29, 2024)
Security Advisory Description On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch...
6.5CVSS
5.6AI Score
0.0004EPSS
apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko
apko Exposure of HTTP basic auth credentials in log output in...
7.5CVSS
7.5AI Score
0.0004EPSS
AIX is vulnerable to denial of service due to ISC BIND
IBM SECURITY ADVISORY First Issued: Tue Jun 4 16:06:25 CDT 2024 |Updated: Wed Jun 5 08:17:08 CDT 2024 |Update: Corrected the affected fileset levels to reflect that | bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...
7.5CVSS
8.1AI Score
0.05EPSS
9.8CVSS
7.4AI Score
0.0004EPSS
Denial of service of Minder Server with attacker-controlled REST endpoint
The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....
5.3CVSS
7AI Score
0.0004EPSS
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue() and quoteValueList(), allow users to manually quote values for creating SQL statements; these are in turn consumed...
7.7AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...
7.8CVSS
8.6AI Score
0.001EPSS
Denial Of Service (DoS) Through Infinite Loop
libX11.so is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of....
5.5CVSS
6.7AI Score
0.0004EPSS
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
7.3AI Score
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...
6.6AI Score
EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2021-22555 pipe version Using pipe-primitive to...
8.3CVSS
0.5AI Score
0.002EPSS
Improper Neutralization of Input During Web Page Generation in Spring Framework
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator...
5.4CVSS
4AI Score
0.001EPSS
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
6.5CVSS
6AI Score
0.001EPSS
7.1AI Score
7.1AI Score
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service...
7AI Score
Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID: CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
7.5CVSS
7.7AI Score
0.0004EPSS
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...
6.5CVSS
7.5AI Score
0.0004EPSS
CVE-2021-38314 Python Exploit Detail The Gutenberg...
5.3CVSS
5.5AI Score
0.002EPSS
CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...
8.6CVSS
6.3AI Score
0.945EPSS