ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
cockpit-session-recording bug fix and enhancement update
An update is available for cockpit-session-recording. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see...
6.8AI Score
intel-cmt-cat bug fix and enhancement update
An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
perl-HTTP-Tiny bug fix and enhancement update
An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
alsa-sof-firmware bug fix and enhancement update
An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....
6.8AI Score
Exploit for Improper Input Validation in Microsoft
Pachine Python implementation for CVE-2021-42278 (Active...
8.7AI Score
Can access comments and attachments of deleted cards
Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...
4.3CVSS
6.6AI Score
0.0004EPSS
open-vm-tools bug fix and enhancement update
An update is available for open-vm-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
8.1CVSS
7.1AI Score
0.005EPSS
ibus-typing-booster bug fix and enhancement update
An update is available for ibus-typing-booster. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
6.8AI Score
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Jira Server and Data Center - Information Disclosure
Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before...
5.3CVSS
5AI Score
0.97EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
hutool-json Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.1AI Score
0.001EPSS
gvisor-tap-vsock security and bug fix update
[6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves:...
7.4AI Score
0.0004EPSS
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.0004EPSS
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
Description The plugin allows any authenticated user to join a private group due to a missing authorization check on a...
6.5AI Score
EPSS
Moderate: containernetworking-plugins security and bug fix update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
5.2AI Score
0.0004EPSS
Moderate: containernetworking-plugins security and bug fix update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
5.2AI Score
0.0004EPSS
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC Go to settings and change the...
7.7AI Score
0.0004EPSS
jackson-databind Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
8.5AI Score
0.002EPSS
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF...
6.7AI Score
EPSS
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
jackson-databind Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.5AI Score
0.001EPSS
D-Link DIR-600/DIR 300 RCE Vulnerabilities
D-Link DIR-600 and DIR 300 products are prone to a remote code execution (RCE) vulnerability. This vulnerability was known to be exploited by the IoT...
7.4AI Score
org.apache.velocity Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, and 7.21.7 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
7.7AI Score
0.002EPSS
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a...
6.8AI Score
EPSS
D-Link DIR-868L StarHub Firmware RCE Vulnerability
D-Link DIR-868L devices are prone to a pre-authenticated remote code execution (RCE)...
9.8CVSS
9.8AI Score
0.018EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...
8.8CVSS
3.2AI Score
0.008EPSS
d-hearing.com Cross Site Scripting vulnerability OBB-3905139
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Build Numbers and Versions of Veeam Recovery Orchestrator
This KB article lists all versions of Veeam Recovery Orchestrator and their respective build...
6.9AI Score
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...
7.7AI Score
0.0004EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
0.001EPSS
GeoServer JAI-EXT extension command injection
Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
8AI Score
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...
9.7AI Score
0.0004EPSS
idm:DL1 and idm:client security update
bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for...
6.8CVSS
6.7AI Score
0.0004EPSS
bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-50] - Rebuild...
7.5CVSS
6.8AI Score
0.05EPSS
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via....
4.2CVSS
1.5AI Score
0.97EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
6.7AI Score
0.001EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Go to to Quizzes & Surveys 2. Add/edit a....
5.2AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
FortiGate cve-2024-21762-checker This script is used to check...
9.8CVSS
7.2AI Score
0.018EPSS
Bypass access restriction on Android/data/directory and all subdirectories
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3AI Score
0.0004EPSS
7.4AI Score
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...
6.9AI Score
EPSS
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.1CVSS
7.1AI Score
0.005EPSS
Potential DoS via the Tudoor mechanism in eventlet and dnspython
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which....
6.4AI Score
0.0004EPSS
Potential DoS via the Tudoor mechanism in eventlet and dnspython
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which....
6.8AI Score
0.0004EPSS
dotmesh arbitrary file read and/or write
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
8.1CVSS
7.7AI Score
0.0004EPSS