Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....
7.5CVSS
7AI Score
0.001EPSS
[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...
8.8CVSS
7.6AI Score
EPSS
virt:kvm_utils1 security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...
5.5CVSS
7.2AI Score
0.0004EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
6.7AI Score
0.0005EPSS
6.5AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
EPSS
[SECURITY] [DSA 5708-1] cyrus-imapd security update
Debian Security Advisory DSA-5708-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : cyrus-imapd CVE ID : CVE-2024-34055 Damian...
6.5CVSS
6.9AI Score
0.0005EPSS
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target...
6.1CVSS
6.5AI Score
0.006EPSS
Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69307 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals...
7.1AI Score
Symfony Denial of Service Via Long Password Hashing
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a.....
6.9AI Score
0.002EPSS
6.4AI Score
0.0004EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
[311.2-1.0.1] - Replaced upstream urls in documentation with oracle links [Orabug: 36528753] - Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110] - Remove duplicate reference to server in cockpit [Orabug: 34030494] - Update documentation links [Orabug: 30271413], [Orabug:...
7.3CVSS
7.8AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
7.7AI Score
0.0004EPSS
Security vulnerability in WebP
In BuildHuffmanTable of huffman_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.3AI Score
0.609EPSS
Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67850 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals...
7.1AI Score
Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67558 Crash type: Security exception Crash state: com.github.javaparser.ast.validator.TreeVisitorValidator.accept com.github.javaparser.ast.expr.FieldAccessExpr.getMetaModel...
7.1AI Score
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
6.7AI Score
EPSS
[11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass...
7.5CVSS
7.6AI Score
0.0004EPSS
Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.8AI Score
0.0004EPSS
An issue was discovered in the LDAP component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:.....
9.8CVSS
7.5AI Score
0.006EPSS
[7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...
8.8CVSS
7AI Score
0.001EPSS
8CVSS
8.5AI Score
0.0005EPSS
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.7AI Score
0.0004EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.7AI Score
0.0004EPSS
7.2AI Score
Symphony Denial of Service Via Overlong Usernames
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers....
7.5CVSS
6.7AI Score
0.01EPSS
Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66357 Crash type: Security exception Crash state: com.github.javaparser.ast.validator.TreeVisitorValidator.accept com.github.javaparser.ast.expr.FieldAccessExpr.getMetaModel...
7.1AI Score
Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69451 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals...
7.1AI Score
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7AI Score
0.0004EPSS
Important: ipa security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user to access another target...
8.1CVSS
6.9AI Score
0.0005EPSS
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: [342428008] High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 [40942995] High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-15 [342545100] High...
7.6AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
7.9AI Score
0.0004EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.6AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.3AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
8AI Score
EPSS
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...
6.2CVSS
5.1AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...
7.8AI Score
0.0004EPSS
[4.11.0-15.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-15] - Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute...
8.1CVSS
6.5AI Score
0.0005EPSS
[115.11.0-1.0.1] - Add Oracle prefs file [115.11.0-1] - Update to 115.11.0...
7.2AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
7.9AI Score
0.0004EPSS
Quarkus is vulnerable to Improper Authorization. This vulnerability is due to the mishandling of method declarations in abstract Java classes or by Quarkus extensions, leading to unenforced authorization for RestEasy Classic or Reactive JAX-RS...
6.5CVSS
6.6AI Score
0.0004EPSS
[115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.11.0-1] - Update to 115.11.0...
7.3AI Score
0.0004EPSS