The Secrets of Hidden AI Training on Your Data
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable,...
6.7AI Score
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.7AI Score
0.0004EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.6AI Score
0.0004EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.5AI Score
0.0004EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
0.0004EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
7.3AI Score
0.0004EPSS
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
0.0004EPSS
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.9AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.6AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.6AI Score
0.0004EPSS
Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-35176 DESCRIPTION: **Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content...
5.3CVSS
6.6AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool.
Summary IBM License Metric Tool is affected by Bouncy Castle Cryptography vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30172 DESCRIPTION: **The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By...
7.2AI Score
EPSS
Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...
7.5CVSS
8.1AI Score
0.0004EPSS
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
7.5CVSS
7.4AI Score
EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.3AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.4AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.5AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.6AI Score
0.0004EPSS
Microsoft Dataverse Remote Code Execution Vulnerability
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a...
8CVSS
7.8AI Score
0.001EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.7AI Score
0.0004EPSS
Summary The security issue described in CVE-2024-35153 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...
4.8CVSS
6.6AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)
Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
6.7AI Score
0.0004EPSS
Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....
7CVSS
7.8AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
0.001EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
0.001EPSS
CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
0.001EPSS
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)
Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...
5.9CVSS
6.1AI Score
0.0005EPSS
Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)
Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID: CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request,.....
7.5CVSS
6.5AI Score
0.0004EPSS
Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID: CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
7.5CVSS
7.7AI Score
0.0004EPSS
Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)
Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...
5.9CVSS
6.3AI Score
0.0004EPSS
Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)
Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID: CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...
7.5CVSS
6.5AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.7AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.2AI Score
0.0004EPSS
IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.4 CD (7158057)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158057 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...
7.5CVSS
7.5AI Score
0.0004EPSS
Debian dsa-5723 : libcolorcorrect5 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5723-1 [email protected] ...
6.9AI Score
EPSS
Important: pki-core security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) For more details about the security issue(s), including the impact, a CVSS score,...
7.5CVSS
7.5AI Score
0.0004EPSS
A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the 2FA component.....
9.8CVSS
7.5AI Score
0.001EPSS
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95943)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95943 advisory. Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform...
8.1CVSS
8AI Score
0.0004EPSS
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95974)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95974 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...
6.5AI Score
0.0004EPSS
IBM MQ 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157976)
The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7157976 advisory. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service,...
7.5CVSS
7.8AI Score
0.0004EPSS
OpenSSL 3.3.0 < 3.3.2 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.3.2. It is, therefore, affected by a vulnerability as referenced in the 3.3.2 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
7.3AI Score
0.0004EPSS
Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on...
8.1CVSS
8.1AI Score
0.0004EPSS
GitLab 9.2 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1493)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing...
6.5CVSS
6.6AI Score
0.0004EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...
7.5CVSS
7AI Score
0.0004EPSS
[11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass...
7.5CVSS
7.6AI Score
0.0004EPSS
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint...
0.0004EPSS