Rancher's Steve API Component Improper authorization check allows privilege escalation
Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...
8.8CVSS
6.5AI Score
0.002EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
0.0004EPSS
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
8.1CVSS
6.2AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: crosswords-0.3.13-1.fc40
A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...
7.4AI Score
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX...
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes...
6.4CVSS
6.1AI Score
0.0004EPSS
Snakeyaml vulnerable to Stack overflow leading to denial of service
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
6.5CVSS
6.6AI Score
0.006EPSS
Issue Overview: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. (CVE-2024-1013) Affected Packages: ...
7.1CVSS
6.7AI Score
0.0004EPSS
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...
6.1CVSS
0.0004EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
7AI Score
0.0004EPSS
Snakeyaml vulnerable to Stack overflow leading to denial of service
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
6.5CVSS
5.1AI Score
0.006EPSS
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...
7.5CVSS
9.1AI Score
0.008EPSS
[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
7.4AI Score
SQL Injection in Harbor scan log API
Impact A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...
2.7CVSS
7.6AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: ntpd-rs-1.1.2-2.fc39
Full-featured implementation of NTP with NTS...
7.3AI Score
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2019-11358 DESCRIPTION: **jQuery, as used in Drupal core, is...
6.1CVSS
6.2AI Score
0.035EPSS
CVE-2024-36396 Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
Verint - CWE-434: Unrestricted Upload of File with Dangerous...
8.8CVSS
0.0004EPSS
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...
6.1CVSS
0.0004EPSS
Veeam Support Knowledge Base answer to: Troubleshooting '401 - Unauthorized' or 'x509' Errors When Accessing the Veeam Kasten for Kubernetes...
7.2AI Score
[SECURITY] [DSA 5704-1] pillow security update
Debian Security Advisory DSA-5704-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : pillow CVE ID : CVE-2023-44271 CVE-2023-50447...
8.1CVSS
8.1AI Score
0.001EPSS
How-To Export Windows Event Logs
This article provides step-by-step instructions to export Windows events for Veeam...
3AI Score
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support...
6.8AI Score
0.0004EPSS
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
6.5CVSS
7.2AI Score
0.006EPSS
(RHSA-2024:2987) Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
7AI Score
0.005EPSS
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...
6.4CVSS
5.8AI Score
0.0004EPSS
Exploit for Improper Authentication in Bluetooth Bluetooth Core Specification
README Repository about the BLUR attacks presented at...
7.6AI Score
Sensitive Information Disclosure
urllib3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the Proxy-Authorization header, which is not removed on cross-origin redirects, which could allow an attacker to expose sensntive authentication material to unintended hosts. Note that this.....
4.4CVSS
4.7AI Score
0.0004EPSS
openSUSE Security Update : wireshark (openSUSE-2019-399)
This update for wireshark fixes the following issues : Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packages from the network or capture files (boo#1094301) : CVE-2018-11356: DNS dissector crash ...
7.5CVSS
7.3AI Score
0.004EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation [CVE-2023-52425]. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed....
7.5CVSS
6.7AI Score
0.001EPSS
Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. (CVE-2024-3049) Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2...
5.9CVSS
6.7AI Score
0.001EPSS
Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details ** CVEID: CVE-2023-43040 DESCRIPTION: **IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph...
6.5CVSS
6.2AI Score
0.0004EPSS
Summary Used by IBM Decision Optimization for IBM Cloud Pak for Data, Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details **...
5.5CVSS
6.5AI Score
0.0005EPSS
[SECURITY] Fedora 39 Update: rust-cpc-1.9.3-3.fc39
Evaluates math expressions, with support for units and conversion between...
7.4AI Score
Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP...
7.5CVSS
5.3AI Score
0.0004EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.7AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...
7.5CVSS
7.5AI Score
0.001EPSS
Granular Log Collection Guide for SOBR Capacity/Archive Tier Issues
This article documents an advanced granular log collection method designed to minimize the log bundle size when submitting Veeam Support cases for issues related to the capacity tier or archive tier of a Scale-Out Backup...
6.9AI Score
libvirt security and bug fix update
[10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before...
6.2CVSS
8.3AI Score
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
7AI Score
0.001EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder [CVE-2024-22259]. VMware Tanzu Spring Framework is used in our Speech Microservices. This...
8.1CVSS
6.3AI Score
0.0004EPSS
vertx-core is vulnerable to a Memory Leak. The vulnerability is due to erroneous caching in the server name map for TCP servers configured with TLS and SNI support. This allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory...
5.4CVSS
6.7AI Score
0.0004EPSS
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2020-23064 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.1CVSS
6.4AI Score
0.035EPSS
[SECURITY] Fedora 40 Update: libvirt-10.1.0-2.fc40
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization...
6.2CVSS
6.8AI Score
0.0004EPSS
[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...
7CVSS
7.8AI Score
0.002EPSS
Summary IBM Security SOAR uses an older version of ElasticSearch that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.1 or later of IBM Security SOAR. Vulnerability Details ** CVEID: CVE-2024-23450 ...
7.5CVSS
6.9AI Score
0.005EPSS
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
9.9CVSS
8.2AI Score
0.001EPSS
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
9.8CVSS
7.5AI Score
0.001EPSS
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2020-11022 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.9CVSS
6.3AI Score
0.061EPSS
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2020-11023 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.9CVSS
6.3AI Score
0.019EPSS
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...
7.2AI Score
EPSS