In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port...
6.5AI Score
0.0004EPSS
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
7.5CVSS
8.6AI Score
0.001EPSS
Incorrect detection of reserved device names on Windows in path/filepath
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports...
5.3CVSS
7.2AI Score
0.001EPSS
Incorrect default permissions in github.com/containers/buildah
Containers are created with non-empty inheritable Linux process capabilities, permitting programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug does not affect the container security sandbox, as the inheritable set never contains...
6.8CVSS
6.7AI Score
0.001EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
7.1AI Score
0.0004EPSS
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.6AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...
7.3AI Score
0.0004EPSS
Updated thunderbird packages fix security vulnerabilities
Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types....
8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate.....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever...
7AI Score
0.0004EPSS
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...
9CVSS
8.7AI Score
0.421EPSS
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
6.1CVSS
6.1AI Score
0.001EPSS
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection...
9.8CVSS
9.9AI Score
0.833EPSS
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily...
7.5CVSS
7.8AI Score
0.001EPSS
CandidATS 3.0.0 - Cross-Site Scripting
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
6.1CVSS
6.1AI Score
0.001EPSS
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
6.1CVSS
6.1AI Score
0.003EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local.....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I...
6.5AI Score
0.0004EPSS
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the ""...
6.9AI Score
0.0004EPSS
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...
6.5CVSS
6.5AI Score
0.001EPSS
(RHSA-2024:2769) Moderate: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update
python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-*client modules that implement the actual REST API client actions. Security Fix(es): deleting a non existing access rule deletes another existing access rule in it's scope...
6.6AI Score
EPSS
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
6.1CVSS
6.1AI Score
0.001EPSS
Omnia MPX 1.5.0+r1 - Local File Inclusion
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control...
9.8CVSS
9.4AI Score
0.725EPSS
Panic on large handshake records in crypto/tls
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
7.5CVSS
8.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...
7.2AI Score
0.0004EPSS
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be...
5.3CVSS
7.3AI Score
0.004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms() new...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...
7.5AI Score
0.0004EPSS
Exploit for Use After Free in Arm Bifrost Gpu Kernel Driver
Exploit for CVE-2022-38181 for FireTV 2nd gen Cube This is...
9.2AI Score
Atlassian Confluence - Remote Code Execution
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate...
9.8CVSS
9.7AI Score
0.971EPSS
Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
9.8CVSS
9AI Score
0.975EPSS
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
9.8CVSS
9.3AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or...
5.5CVSS
6.5AI Score
0.0004EPSS
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM.....
7.5CVSS
7.4AI Score
0.001EPSS
(RHSA-2024:2737) Moderate: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update
python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-*client modules that implement the actual REST API client actions. Security Fix(es): deleting a non existing access rule deletes another existing access rule in it's scope...
6.6AI Score
EPSS
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for...
9.8CVSS
7.3AI Score
0.011EPSS
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms() new tcindex_data...
6.6AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CloudArmor · Runtime Application Self-Protection Module -...
9.1AI Score
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.1AI Score
EPSS
dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP...
8CVSS
6.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a....
5.5CVSS
5.4AI Score
0.0004EPSS
Flooding Server with Thumbnail files
Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...
7.5CVSS
6.5AI Score
0.001EPSS
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is...
8.9CVSS
7AI Score
0.001EPSS
Uncontrolled resource consumption in github.com/prometheus/client_golang
The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler* middleware except RequestsInFlight; not filter any specific.....
7.5CVSS
8.5AI Score
0.005EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just...
0.0004EPSS
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including...
4.3CVSS
6.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...
7AI Score
0.0004EPSS