ruby:3.1 security, bug fix, and enhancement update
ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...
6.5AI Score
EPSS
A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...
7.3AI Score
EPSS
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...
9.8CVSS
9.7AI Score
0.002EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
9AI Score
ruby:3.1 security, bug fix, and enhancement update
ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...
6.8AI Score
EPSS
test-hi.hawk.de Cross Site Scripting vulnerability OBB-3901472
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
test-hi.hawk.de Cross Site Scripting vulnerability OBB-3885675
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ruby [3.0.7-143] - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 [3.0.7-142] - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS...
8.8CVSS
7.1AI Score
EPSS
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
5.3CVSS
5.6AI Score
0.001EPSS
Malicious code in test-poc2 (npm)
Source: ghsa-malware (70d622822e0356b992f815ba0a803ee7598a5ff51894216a53a95ac034ca1185) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in test-poc3 (npm)
Source: ghsa-malware (0dd2e1b9551e2d05eb6769e870035396fbdd5bd09b3116b00901a73cb9e64859) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion....
7.5CVSS
7.4AI Score
0.001EPSS
Exploit for OS Command Injection in Php
Orange Tsi 🍊 This vulnerability was found by Orange Tsai...
9.8CVSS
9.9AI Score
0.967EPSS
8.6AI Score
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
7.8CVSS
7.7AI Score
EPSS
Exploit for Heap-based Buffer Overflow in Microsoft
libarchive-harness-win - CVE-2024-20696 Blog post:...
7.3CVSS
6.3AI Score
0.003EPSS
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...
6CVSS
7AI Score
0.0004EPSS
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database management system...
8CVSS
7.8AI Score
0.001EPSS
A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is...
8.8CVSS
8.5AI Score
0.001EPSS
Exploit for Path Traversal in Vmware Cloud Foundation
CVE-2021-21972 CVE-2021-21972 Works On ...
9.8CVSS
9.9AI Score
0.973EPSS
GeoServer JAI-EXT extension command injection
Added: 06/27/2024. Background: GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high-level objects for image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
8AI Score
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...
5.4CVSS
0.0005EPSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...
5.4CVSS
6AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8CVSS
8.7AI Score
0.001EPSS
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or...
6.1CVSS
6.4AI Score
0.001EPSS
7.8CVSS
8AI Score
0.192EPSS
Malicious code in @ssr-frontend/test-poc3 (npm)
Source: ghsa-malware (03b39fa743b5b3cc6ff2265f4913473e51a661ac1f7d41f7855e4ced61af77aa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
8.6AI Score
Malwarebytes Premium Security stops 100% of malware during AV Lab test
Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...
7AI Score
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21716_exploit test of...
9.8CVSS
9.6AI Score
0.454EPSS
test-b2b-gdm-figaro1.pantheonsite.io Cross Site Scripting vulnerability OBB-3884756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
(RHSA-2024:2246) Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
6.9AI Score
0.0004EPSS
(RHSA-2024:3466) Important: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.2AI Score
EPSS
**This repository is provided AS IS to accompany [a Meta Red...
7.8CVSS
7.8AI Score
0.0004EPSS
Apache ActiveMQ Web Console Test Pages Information Disclosure
The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...
7.2AI Score
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...
5.4CVSS
5.2AI Score
0.0004EPSS
ansible-core bug fix, enhancement, and security update
[1:2.14.14-1] - ansible-core 2.14.14 release (RHEL-23783) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22124) [1:2.14.13-1] - ansible-core 2.14.13 release (RHEL-19298) [1:2.14.12-1] - ansible-core 2.14.12 release...
5.5CVSS
7AI Score
0.0004EPSS
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...
5.4CVSS
5.3AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-32250-Linux-Kernel-LPE Demo Video...
7.8CVSS
7.5AI Score
0.001EPSS
python39:3.9 and python39-devel:3.9 security update
mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...
7.8CVSS
7.2AI Score
EPSS
IceWarp Email Client - Cross Site Scripting
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid...
6.1CVSS
6.4AI Score
0.077EPSS
CVE-2024-20356 This is a proof of concept for CVE-2024-20356,...
7.7AI Score
[3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-20233 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...
5.3CVSS
7.3AI Score
0.001EPSS
PDF.js Vulnerability Demo Project This project is intended to...
7.2AI Score
9.2AI Score
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...
6.3AI Score
EPSS
(RHSA-2024:2292) Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.7AI Score
0.001EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...
7AI Score
EPSS
9.8CVSS
8.6AI Score
0.035EPSS