(RHSA-2024:3545) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more...
6.6AI Score
0.0004EPSS
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated...
8.8CVSS
8AI Score
0.001EPSS
CVE-2024-38620 Bluetooth: HCI: Remove HCI_AMP support
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
6.9AI Score
0.0004EPSS
CVE-2024-38620 Bluetooth: HCI: Remove HCI_AMP support
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
0.0004EPSS
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified...
7.2CVSS
7.1AI Score
0.001EPSS
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the...
6.5CVSS
7.2AI Score
0.0005EPSS
WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send
Description The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to send arbitrary...
5.3CVSS
6.8AI Score
0.0005EPSS
9CVSS
9.2AI Score
0.001EPSS
CVE-2024-35695 WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2024-35695 WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....
0.0004EPSS
nodejs [1:18.20.2-1] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon...
5.3CVSS
7.3AI Score
0.0004EPSS
CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...
4.4CVSS
7AI Score
0.0004EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon...
5.3CVSS
7.3AI Score
0.0004EPSS
9.8CVSS
7.2AI Score
0.001EPSS
IPMI MD2 Auth Type Support Enabled (IPMI Protocol)
The remote Intelligent Platform Management Interface (IPMI) service has MD2 auth type support...
7.5AI Score
CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...
4.4CVSS
0.0004EPSS
CVE-2024-35696 WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through...
7.1CVSS
0.0004EPSS
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...
6.9AI Score
An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and...
7.3AI Score
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts....
6.1CVSS
6.4AI Score
0.0005EPSS
Exploit for Authentication Bypass by Spoofing in Zabbix
zabbix-saml-bypass-poc cve-2022-23131 ...
9.3AI Score
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.7AI Score
0.0004EPSS
Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2024-38319)
Summary It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details ** CVEID: CVE-2024-38319 DESCRIPTION: **IBM Security SOAR could allow an authenticated user to execute malicious code loaded...
7.5CVSS
7.1AI Score
0.0004EPSS
nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon...
5.3CVSS
7.3AI Score
0.0004EPSS
CVE-2021-47591 mptcp: remove tcp ulp setsockopt support
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections...
0.0004EPSS
An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...
7.5CVSS
7.2AI Score
0.0004EPSS
An update is available for module.varnish, varnish-modules, varnish, module.varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a.....
7.2AI Score
0.0004EPSS
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system...
8CVSS
7.8AI Score
0.001EPSS
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts....
6.1CVSS
6AI Score
0.0005EPSS
CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
6.3CVSS
0.0005EPSS
HP Support Assistant < 8.7.50.3 DLL Loading Vulnerability
The version of HP Support Assistant installed on the remote Windows host is prior to 8.7.50.3. It is, therefore, affected by an unspecified DLL loading vulnerability. This can allow a local attacker to load and execute arbitrary...
7.3CVSS
7.5AI Score
0.001EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages eglibc - GNU C Library glibc - GNU C Library Details It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue...
7.8CVSS
9.1AI Score
0.015EPSS
libvirt [9.0.0-5.el9] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python [9.0.0-5.el9] - Update to libvirt 9.0.0-5 (Karl...
5.5CVSS
6.3AI Score
0.0004EPSS
CVE-2023-37869 WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
0.0004EPSS
[1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves...
7.5CVSS
7.4AI Score
0.0005EPSS
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
5.4CVSS
7AI Score
0.0004EPSS
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.9AI Score
0.005EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
6.8AI Score
0.003EPSS
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the fetch()...
5.3CVSS
7.3AI Score
0.0004EPSS
Summary Potentialfollow-redirects open redirect vulnerabilitiy [ CVE-2023-26159] have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.3CVSS
6.5AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell sample vulnerable application (CVE-2021-44228)...
9.1AI Score
9.8CVSS
9.5AI Score
0.783EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0758
Updates of ['linux-secure', 'linux-esx', 'linux-aws', 'linux', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
[1.3.1-19.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.3.1-19] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 [1.3.1-18] - libpam: use getlogin() from libc and not utmp. Resolves:...
5.5CVSS
7.3AI Score
0.0004EPSS
tomcat bug fix and enhancement update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4.....
6.8AI Score
Grafana Stored Cross-site Scripting in Unified Alerting
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for a stored Cross Site Scripting in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9, containing...
8.7CVSS
8.2AI Score
0.006EPSS
(RHSA-2024:2937) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more details about the...
7.2AI Score
0.0004EPSS
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied...
10CVSS
9.7AI Score
0.001EPSS