Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere. Vulnerability Details CVEID: CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS...
CVSS 5.3 | AI Score 5.4 | EPSS 0.0004
Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update
Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile (WLP) to version 24.0.0.6 for security update in WLP. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) |...
CVSS 9.8 | AI Score 7.3 | EPSS 0.001
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
CVSS 4.4 | AI Score 4.8 | EPSS 0.0004
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
go-toolset:ol8 security update
delve golang [1.20.12-8] - Update sources file - Related: RHEL-27928 [1.20.12-7] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-6] - Fix CVE-2023-45288 - Resolves: RHEL-31914...
AI Score 7.4 | EPSS 0.0004
openSUSE Security Update : wireshark (openSUSE-2019-837)
This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated...
CVSS 7.5 | AI Score 7.8 | EPSS 0.007
Issue Overview: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. (CVE-2023-5992) Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2...
CVSS 5.9 | AI Score 6.7 | EPSS 0.001
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions...
CVSS 6.1 | AI Score 5.4 | EPSS 0.001
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
CVSS 7.5 | AI Score 6.5 | EPSS 0.002
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVSS 6.4 | AI Score 5.7 | EPSS 0.0004
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
CVSS 8.7 | AI Score 5.9 | EPSS 0.006
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
Veeam Primary Storage Integration processing overview
Veeam Support Knowledge Base answer to: Veeam Primary Storage Integration processing...
AI Score 4.2
Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...
AI Score 8.3 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because it's already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections...
AI Score 7 | EPSS 0.0004
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before...
CVSS 6.1 | AI Score 6.8 | EPSS 0.0004
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium. This issue affects YITH WooCommerce Account Funds Premium: from n/a through...
CVSS 6.5 | AI Score 6.5 | EPSS 0.0004
Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
Grafana Stored Cross-site Scripting in Unified Alerting in...
CVSS 8.7 | AI Score 8.2 | EPSS 0.006
Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
Grafana account takeover via OAuth vulnerability in...
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support...
CVSS 8.6 | AI Score 8.7 | EPSS 0.0004
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. When the If-Modified-Since and If-Unmodified-Since headers are used with anonymous requests for a random object name, the responses can be used to determine whether or not an object exists on the server on a...
CVSS 5.3 | AI Score 6.2 | EPSS 0.0004
curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL and the error path inadvertently bypassing certificate verification when encountering unknown or bad ciphers or curves, allows for certificate verification to be skipped for QUIC...
AI Score 6.1 | EPSS 0.0004
MinIO information disclosure vulnerability
Impact: When the If-Modified-Since and If-Unmodified-Since headers are used with anonymous requests for a random object name, you can figure out whether or not the object exists on the server in a specific bucket, and also gain access to some amount of information such as Last-Modified (of the...
CVSS 5.3 | AI Score 6.2 | EPSS 0.0004
Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through...
CVSS 9.9 | AI Score 9.6 | EPSS 0.0004
This repository is provided AS IS to accompany [a Meta Red...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVSS 6.4 | AI Score 5.9 | EPSS 0.001
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
CVSS 5.9 | AI Score 4.6 | EPSS 0.0004
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CVSS 4.4 | AI Score 4.8 | EPSS 0.0004
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...
CVSS 6.4 | AI Score 5.7 | EPSS 0.0004
[SECURITY] Fedora 39 Update: libvirt-9.7.0-4.fc39
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization...
CVSS 6.2 | AI Score 7.2 | EPSS 0.0004
Exports Don't Work After Veeam Kasten for Kubernetes Reinstall
Veeam Support Knowledge Base answer to: Exports Don't Work After Veeam Kasten for Kubernetes...
AI Score 7.2
Cloned-Restore Fails on OpenShift Clusters with ImagePull Error
Veeam Support Knowledge Base answer to: Cloned-Restore Fails on OpenShift Clusters with ImagePull...
AI Score 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004
(RHSA-2024:2651) Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) For more details about the...
AI Score 9.6 | EPSS 0.0004
[SECURITY] [DSA 5688-1] atril security update
Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq Package : atril CVE ID : CVE-2023-52076 It was discovered...
CVSS 9.6 | AI Score 5.9 | EPSS 0.005
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : tinyproxy CVE ID : CVE-2023-49606 A use-after-free...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
BWL Advanced FAQ Manager < 2.0.4 - Authenticated (Administrator+) SQL Injection
Description The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
CVSS 7.6 | AI Score 7.2 | EPSS 0.0004
[SECURITY] Fedora 39 Update: booth-1.0-283.5.9d4029a.git.fc39
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in...
CVSS 5.9 | AI Score 7.2 | EPSS 0.001
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 A code injection attack on spring cloud...
CVSS 10 | AI Score 7.4 | EPSS 0.975
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding...
CVSS 4.7 | AI Score 6.8 | EPSS 0.0004
Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. (CVE-2024-1298) Affected Packages: edk2 Note: This...
CVSS 6 | AI Score 6.9 | EPSS 0.0004
[SECURITY] Fedora 40 Update: qt6-qtvirtualkeyboard-6.7.1-1.fc40
The Qt Virtual Keyboard project provides an input framework and reference keyboard frontend for Qt 6. Key features include: * Customizable keyboard layouts and styles with dynamic switching. * Predictive text input with word selection. * Character preview and alternative character view. *...
AI Score 6.3 | EPSS 0.0004
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass Script to check...
CVSS 9.8 | AI Score 9.2 | EPSS 0.97
[SECURITY] Fedora 40 Update: booth-1.2-1.fc40
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in...
CVSS 5.9 | AI Score 7.2 | EPSS 0.001
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify...
CVSS 9.1 | AI Score 9.4 | EPSS 0.005
Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner
Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...
AI Score 7.1
Veeam Kasten for Kubernetes - vSphere Block Mode Exports Failure With Error 14009
Veeam Support Knowledge Base answer to: Veeam Kasten for Kubernetes - vSphere Block Mode Exports Failure With Error...
AI Score 7.2
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...
CVSS 9.8 | AI Score 9.5 | EPSS 0.002