VMware Spring Cloud Functions Installed
VMware Spring Cloud Functions is installed on the remote...
1.3AI Score
6.8CVSS
7.1AI Score
0.0004EPSS
Releases: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: linux - Linux kernel; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems; linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems; linux-azure-fde-5.15 -...
7.8CVSS
7AI Score
EPSS
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in...
7.5CVSS
7.8AI Score
0.001EPSS
RHEL 6 : cloud-init (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896) cloud-init through...
6.7AI Score
0.001EPSS
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.66...
10CVSS
9.6AI Score
0.001EPSS
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
9.8CVSS
5.9AI Score
0.007EPSS
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the users' secret key. This could allow a lower-privileged user with access to the....
6.5CVSS
6.3AI Score
0.0005EPSS
Qualys Cloud Security Agent Installed (Windows)
Qualys Cloud Security Agent was detected on the remote Windows...
1.2AI Score
Adobe Creative Cloud for Mac Installed
Adobe Creative Cloud, a digital art management application, is installed on the remote Mac OS X...
0.8AI Score
7.4AI Score
0.0004EPSS
co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Lenovo System Update Installed
Lenovo System Update (formerly known as ThinkVantage System Update), a system update utility for Lenovo systems, is installed on the remote Windows...
1AI Score
Telvent OASyS System Detection
The remote host is running the Telvent OASyS Application. Telvent OASyS is a SCADA system widely used to control pipelines. It may also be found in electric, water, and other SCADA...
0.4AI Score
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.7AI Score
0.0005EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
0.0005EPSS
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution.....
7.8CVSS
7AI Score
0.0004EPSS
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
7.5CVSS
7.5AI Score
0.001EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
6.5AI Score
0.0005EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0005EPSS
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details: CVEID: CVE-2023-45285. DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to fetch a module with the ".git"...
9.8CVSS
8.6AI Score
0.002EPSS
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
8.1CVSS
7.7AI Score
0.003EPSS
7.5CVSS
7.1AI Score
0.011EPSS
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details: CVEID: CVE-2024-1394. DESCRIPTION: Golang golang-fips/openssl is vulnerable to a denial of service, caused by memory leaks in code encrypting and decrypting rsa payloads. By using.....
7.5CVSS
7.2AI Score
0.001EPSS
Cisco TelePresence System Detection
Nessus determined that the remote host is a Cisco TelePresence video teleconferencing...
1.4AI Score
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web...
4.8CVSS
5.3AI Score
0.0005EPSS
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
Host system file access in github.com/moby/buildkit
Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build...
8.7CVSS
6.9AI Score
0.001EPSS
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2022-24990...
7.5CVSS
7.8AI Score
0.96EPSS
Pascom CPS - Local File Inclusion
Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion...
7.5CVSS
7.5AI Score
0.017EPSS
Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
Cosign malicious attachments can cause system-wide denial of service in...
4.2CVSS
4.3AI Score
0.0004EPSS
McAfee Cloud Single Sign On Detection
The remote Windows host is running McAfee Cloud Single Sign On (formerly McAfee Cloud Identity Manager), a single sign-on solution for cloud...
1.1AI Score
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input alert(991) leads to cross site scripting. It is possible to...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
6.1CVSS
6AI Score
0.001EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon...
7.5CVSS
7.5AI Score
0.001EPSS
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
8.1CVSS
7.7AI Score
0.004EPSS
Qualys Cloud Security Agent Installed (Linux)
The Qualys Cloud Security Agent package was detected on the Linux...
0.3AI Score
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere. Vulnerability Details: CVEID: CVE-2023-50312. DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS...
5.3CVSS
5.4AI Score
0.0004EPSS
7.3AI Score
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
8.1CVSS
7.7AI Score
0.003EPSS
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Toward greater transparency: Unveiling Cloud Service CVEs
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...
7AI Score
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
8.7CVSS
9.7AI Score
0.008EPSS
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php...
6.1CVSS
6.2AI Score
0.0005EPSS
Summary: A potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerability (CVE-2023-46674) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID:...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons. Vulnerability Details: CVEID: CVE-2024-29131. DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds...
8.3AI Score
0.0004EPSS
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons. Vulnerability Details: CVEID: CVE-2024-26308. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...
8.1CVSS
6.4AI Score
0.001EPSS
VMware Carbon Black Cloud Endpoint Standard Inactive
VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote host but is not...
1.3AI Score