K000139901: PyYAML vulnerability CVE-2017-18342
Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....
9.8CVSS
9.6AI Score
0.014EPSS
K000139917: Libxml2 vulnerability CVE-2022-40303
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....
7.5CVSS
7.6AI Score
0.005EPSS
K000137521: BIG-IP AFM vulnerability CVE-2024-21763
Security Advisory Description When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-21763) Impact Traffic is disrupted while the TMM process...
7.5CVSS
7.7AI Score
0.0004EPSS
Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following...
6.1CVSS
6AI Score
0.0004EPSS
[7.2.0-11.el9] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug:...
8.2CVSS
7AI Score
0.001EPSS
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) ...
7.8CVSS
7.9AI Score
0.0005EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...
9.8CVSS
9.3AI Score
0.974EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...
8AI Score
0.0004EPSS
Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary...
6.1CVSS
6.8AI Score
0.001EPSS
Updated erofs-utils packages fix security vulnerabilities
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem...
7.8CVSS
7.9AI Score
0.003EPSS
[1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 [1.13.1-9] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix...
7.8CVSS
7.4AI Score
0.0005EPSS
[5.3.7-20.0.1] - pcp-zoneinfo fix to replay ol7 archives [Orabug: 35903733] - Backporting of python tool pcp-meminfo [Orabug: 35759707] - Backporting of python tool pcp-slabinfo [Orabug: 35560940] - Backporting of python tool pcp-buddyinfo [Orabug: 35660932] - Backporting of python tool...
8.8CVSS
6.8AI Score
0.0004EPSS
2.9CVSS
7AI Score
0.0004EPSS
Updated golang packages fix security vulnerabilities
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
9.8CVSS
6.3AI Score
0.001EPSS
7.2AI Score
0.0004EPSS
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be....
5.3CVSS
5.3AI Score
0.001EPSS
K000139876: Linux kernel vulnerability CVE-2021-46955
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...
5.9AI Score
0.0004EPSS
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...
8.1CVSS
8AI Score
0.001EPSS
Updated strongswan packages fix security vulnerability
Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2...
9.8CVSS
7.8AI Score
0.004EPSS
[SECURITY] [DLA 3819-1] fossil security update
Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 25, 2024 https://wiki.debian.org/LTS Package : fossil Version : 1:2.8-1+deb10u1 CVE ID :...
6.5AI Score
0.0004EPSS
Exploit for Command Injection in Barracuda Email Security Gateway 300 Firmware
CVE-2023-2868: Barracuda ESG Command Injection For full...
9.8CVSS
9.9AI Score
0.071EPSS
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input ">alert(document.domain) leads to cross....
6.1CVSS
5.8AI Score
0.005EPSS
[SECURITY] [DLA 3824-1] gst-plugins-base1.0 security update
Debian LTS Advisory DLA-3824-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 30, 2024 https://wiki.debian.org/LTS Package : gst-plugins-base1.0 Version : 1.14.4-2+deb10u3 CVE...
7.8CVSS
6.7AI Score
0.0004EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...
9.8CVSS
10.1AI Score
EPSS
Moderate: perl-Convert-ASN1 security update
Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...
7.5CVSS
6.6AI Score
0.009EPSS
Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issue. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...
7.5CVSS
7.5AI Score
0.0004EPSS
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080
Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...
5.6AI Score
0.0004EPSS
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...
7.2CVSS
6.5AI Score
0.0004EPSS
[2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E....
7AI Score
0.0005EPSS
[SECURITY] [DLA 3818-1] apache2 security update
Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...
7.5CVSS
7.9AI Score
0.01EPSS
Summary WebSphere Application Server and Websphere Liberty is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
6.5CVSS
6.5AI Score
0.0004EPSS
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...
8.1CVSS
8AI Score
0.001EPSS
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
7.4AI Score
0.0004EPSS
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
6.8AI Score
[SECURITY] [DSA 5699-1] redmine security update
Debian Security Advisory DSA-5699-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2024 https://www.debian.org/security/faq Package : redmine CVE ID : CVE-2023-47258 CVE-2023-47259...
6.1CVSS
6.6AI Score
0.0005EPSS
[SECURITY] [DSA 5697-1] chromium security update
Debian Security Advisory DSA-5697-1 [email protected] https://www.debian.org/security/ Andres Salomon May 24, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-5274 A security issue...
8.8CVSS
6.7AI Score
0.003EPSS
[SECURITY] [DLA 3822-1] python-pymysql security update
Debian LTS Advisory DLA-3822-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 27, 2024 https://wiki.debian.org/LTS Package : python-pymysql Version : 0.9.3-1+deb10u1 CVE...
7.7AI Score
0.0004EPSS
podman security and bug fix update
[4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat...
4.9CVSS
7.5AI Score
0.0005EPSS
K000139225: nghttp2 vulnerability CVE-2024-28182
Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...
5.3CVSS
6.1AI Score
0.0004EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4AI Score
0.002EPSS
WildFly Elytron: SSRF security issue
A flaw was found inJwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...
7.3CVSS
6.8AI Score
0.001EPSS
ruby [3.0.7-143] - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 [3.0.7-142] - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS...
8.8CVSS
7.1AI Score
EPSS
Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2024-0853). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2024-0853 ...
5.3CVSS
6.2AI Score
0.001EPSS
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
0.001EPSS
[SECURITY] Fedora 39 Update: freeipa-4.12.1-1.fc39
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and...
8.1CVSS
7.3AI Score
0.0005EPSS
8.6CVSS
6.6AI Score
0.945EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
6.8AI Score
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
9.5AI Score
0.001EPSS