Apache HugeGraph-Server - Remote Command Execution
Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution...
6.5AI Score
0.001EPSS
CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
9.4AI Score
0.0004EPSS
CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
MileSight DeviceHub - CWE-305 Missing Authentication for Critical...
10CVSS
7.1AI Score
0.0004EPSS
CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF)
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2...
7.2CVSS
7.2AI Score
0.0004EPSS
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated...
9.8CVSS
6.9AI Score
0.0004EPSS
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details CVEID: CVE-2023-6516 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...
7.5CVSS
8AI Score
0.963EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a...
4.7CVSS
7AI Score
0.0004EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:...
9.8CVSS
9.9AI Score
0.019EPSS
Sensitive Information Disclosure
ethyca_fides is vulnerable to Information Disclosure. The vulnerability is due to improper masking of nested sensitive fields such as private_key in the BigQuery connection configuration, which allows an attacker to expose the sensitive fields in plaintext via certain API...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS. This issue affects WP Docs: from n/a through...
7.1CVSS
0.0004EPSS
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...
7.5CVSS
7.6AI Score
0.02EPSS
Grafana Snapshot - Authentication Bypass
Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by...
9.8CVSS
8.2AI Score
0.91EPSS
Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go (essentially VADP 'VM' backup). Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...
8.9AI Score
0.0004EPSS
Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...
9.8CVSS
9.5AI Score
0.939EPSS
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support...
6.8AI Score
0.0004EPSS
9.8CVSS
9AI Score
0.783EPSS
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is...
7CVSS
6.6AI Score
0.001EPSS
AIX is affected by information disclosure due to Python (CVE-2024-28757)
IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...
7.3AI Score
0.0004EPSS
Summary An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
3.7CVSS
6.4AI Score
0.001EPSS
Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...
4.7CVSS
10AI Score
0.0004EPSS
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.5CVSS
6.9AI Score
0.001EPSS
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do.....
7.5CVSS
6.6AI Score
0.007EPSS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
7.7AI Score
0.0004EPSS
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, to....
9.8CVSS
9.7AI Score
0.003EPSS
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during....
6.7AI Score
0.0004EPSS
Summary IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code when XMLUnit is used to transform data with a stylesheet from an untrusted source. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-31573 ...
7.8AI Score
EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-27270 DESCRIPTION:...
4.7CVSS
5.9AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.7AI Score
0.001EPSS
Unix Operating System Unsupported Version Detection
According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
7.6AI Score
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
7.3AI Score
0.0004EPSS
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
7.2AI Score
0.0004EPSS
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
6.3AI Score
0.0004EPSS
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated...
9.8CVSS
9.5AI Score
0.0004EPSS
Summary If Jazz Authentication Service is enabled, IBM Jazz Reporting System shows the JSA Client Secret in plain text. Vulnerability Details CVEID: CVE-2024-25052 DESCRIPTION: IBM Jazz Reporting Service stores user credentials in plain clear text which can be read by an Admin user. CVSS...
4.4CVSS
6.3AI Score
0.0004EPSS
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is...
7.8CVSS
7.8AI Score
0.001EPSS
Summary There are vulnerabilities in VMware Tanzu Spring Security and Framework used by Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:...
8.2CVSS
7.5AI Score
0.0004EPSS
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...
6.2AI Score
EPSS
Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section....
3.3CVSS
6.2AI Score
0.0004EPSS
Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...
6.1CVSS
6.5AI Score
0.0004EPSS
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...
3.3CVSS
6.9AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
7.8CVSS
6.6AI Score
0.0004EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2. Vulnerability Details CVEID: CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker...
9.8CVSS
9.3AI Score
0.974EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID: CVE-2024-27982 ...
8.2CVSS
6.9AI Score
0.0004EPSS
openSUSE: Security Advisory for git (openSUSE-SU-2024:0130-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.0004EPSS
[SECURITY] [DSA 5700-1] python-pymysql security update
Debian Security Advisory DSA-5700-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2024 https://www.debian.org/security/faq Package : python-pymysql CVE ID : CVE-2024-36039 An SQL...
7.2AI Score
0.0004EPSS
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID: CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
6.5CVSS
6AI Score
0.0004EPSS
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...
3.3CVSS
4AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score