An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....
5.4CVSS
7AI Score
0.0004EPSS
(RHSA-2024:3553) Important: nodejs : security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...
6.4AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
7.5CVSS
6.2AI Score
0.0004EPSS
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if.....
5.9CVSS
7.2AI Score
0.004EPSS
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....
6.1CVSS
6.8AI Score
0.0004EPSS
Description The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for.....
6.4CVSS
5.8AI Score
0.0004EPSS
Issue Overview: 2024-05-23: CVE-2021-32027 was added to this advisory. 2024-05-23: CVE-2023-5869 was added to this advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of...
8.8CVSS
8.5AI Score
0.015EPSS
CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery
The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...
4.3CVSS
4.9AI Score
0.0005EPSS
CoreHTTP CGI Support RCE Vulnerability
CoreHTTP is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied...
7.3AI Score
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
5.3CVSS
5.8AI Score
0.0004EPSS
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): Rebase...
6.7AI Score
0.0004EPSS
Gravity Forms plugin leak hashed passwords
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property)...
7.5CVSS
7.2AI Score
0.002EPSS
Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do...
8.8CVSS
6.8AI Score
0.001EPSS
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor,...
4.8CVSS
5.6AI Score
0.001EPSS
(RHSA-2024:2820) Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish: HTTP/2 Broken Window Attack may result in denial of service...
6.8AI Score
0.0004EPSS
tomcat security and bug fix update
[1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) - Resolves:...
6.5AI Score
0.0004EPSS
Gravity Forms stored HTML injection vulnerability
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
5.4CVSS
7.4AI Score
0.001EPSS
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater...
3.7CVSS
5.7AI Score
0.002EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0760
Updates of ['linux-rt', 'linux-esx', 'linux-secure', 'linux-aws', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor,...
5.4CVSS
5.5AI Score
0.001EPSS
Summary There is a vulnerability in System.Drawing.Comman used by IBM Robotic Process Automation as part of the .NET Core framework. (CVE-2021-24112). The vulnerability could allow an attacker to remotely execute arbitrary code. This bulletin identifies the security fixes to apply to address this.....
8.1CVSS
8.2AI Score
0.022EPSS
Issue Overview: 2024-05-23: CVE-2019-16276 was added to this advisory. It was discovered that net/http (through net/textproto) in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests...
7.5CVSS
7.4AI Score
0.01EPSS
7.5CVSS
1.4AI Score
0.002EPSS
RHEL 8 : faq (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) Go before...
9.1CVSS
10AI Score
0.005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...
6.8AI Score
0.0004EPSS
An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...
5.3CVSS
5.8AI Score
0.0004EPSS
gcc-toolset-13-annobin bug fix and enhancement update
An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
6.8AI Score
RHEL 7 : faq (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) Note that Nessus has not tested for this issue...
4.8CVSS
9.6AI Score
0.003EPSS
MovableType - Remote Command Injection
MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via...
9.8CVSS
9.7AI Score
0.97EPSS
Apple Boot Camp Support Software Installed
The remote Windows host has an install of Apple's Boot Camp Support Software. Apple Boot Camp is a utility included on Mac OS X computers to assist with virtualizing various Windows operating systems, and Boot Camp Support Software provides associated drivers for...
3.4AI Score
premium-speakers.com Cross Site Scripting vulnerability OBB-3881150
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....
8.7CVSS
8.6AI Score
0.001EPSS
Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....
6.8CVSS
6.7AI Score
0.001EPSS
premium-speakers.com Cross Site Scripting vulnerability OBB-3873981
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4)...
6.6AI Score
0.971EPSS
An update is available for varnish. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a high-performance HTTP accelerator. It stores web pages in....
7.2AI Score
0.0004EPSS
(RHSA-2024:3307) Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...
6.7AI Score
0.0004EPSS
(RHSA-2024:3308) Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...
6.8AI Score
0.0004EPSS
(RHSA-2024:3544) Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...
6.7AI Score
0.0004EPSS
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details,....
5.3CVSS
5.9AI Score
0.0005EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages glibc - GNU C Library Details It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of...
6.6AI Score
0.0004EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....
8.4CVSS
10AI Score
0.003EPSS
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...
5.3CVSS
5.3AI Score
0.0005EPSS
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...
5.3CVSS
6.5AI Score
0.0005EPSS
lorax bug fix and enhancement update
An update is available for lorax. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4...
6.8AI Score
In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only...
6.1CVSS
6.2AI Score
0.001EPSS
nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon...
5.3CVSS
6.8AI Score
0.0004EPSS
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...
5.5CVSS
6.7AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0607
Updates of ['linux-aws', 'linux', 'linux-rt', 'linux-secure'] packages of Photon OS have been...
9.8CVSS
9.9AI Score
0.001EPSS
(RHSA-2024:3545) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more...
6.6AI Score
0.0004EPSS