Malicious code in test-pkg-blabla (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3bfaca810c52dc5570fa40d75892333e31b5783eb2daa0f64c6db415c0e4ef79) The OpenSSF Package Analysis project identified 'test-pkg-blabla' @ 1.0.11 (npm) as malicious. It is considered malicious because: The package...
7.1 AI Score
Malicious code in test-package-random-name-for-test (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b1f87eff60d8591d10e2be79afe5011ea9f63f823c7a014281e4e21f0da76eb8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
Malicious code in node-pre-gyp-test-app2 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b3456b640ac819fb66bf7f58e41f74e65b868629f609e863ca1bbe300070e7a8) The OpenSSF Package Analysis project identified 'node-pre-gyp-test-app2' @ 0.1.0-release1.release2 (npm) as malicious. It is considered malicious...
7.1 AI Score
Malicious code in test-pen-testers (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0838e7134c6d22d8664ea4b26efb1614b7ffc9bc6a332e5dbeab250026b7315a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7.2 AI Score
6.1 CVSS
5.9 AI Score
0.001 EPSS
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file...
5.4 CVSS
5.6 AI Score
0.001 EPSS
Malicious APP Causes Device DoS - test
In freeStageDirs PackageInstallerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.6 AI Score
0.0004 EPSS
Task hijacking via relinquishTaskIdentity attribute - test
In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8 CVSS
7.5 AI Score
0.0005 EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8 CVSS
7.7 AI Score
0.0004 EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8 CVSS
7.6 AI Score
0.0005 EPSS
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8 CVSS
7.6 AI Score
0.0005 EPSS
[3.11.7-1.1] - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves:...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
[3.11.9-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.9-1] - Rebase to 3.11.9 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix expat tests for the latest expat security release Resolves: RHEL-33672,...
7.8 CVSS
7.1 AI Score
0.0005 EPSS
[3.9.18-3.1] - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33887,...
7.8 CVSS
7.8 AI Score
0.0005 EPSS
An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language,....
7.8 CVSS
7.6 AI Score
0.0005 EPSS
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
5.5 CVSS
6.5 AI Score
0.0004 EPSS
Malicious code in test-lib-avishek (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b09a9d57bb929d0c7ba93b90c01ea2a5270838a233ae120bdade2730d5c6e364) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
Malicious code in pkg-lumina-test (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (bd7ac6d227bb951e00656b9768230c146f3be307af9f71cb484a398b72132ec0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
Issue Overview: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The.....
8.8 CVSS
8.3 AI Score
0.015 EPSS
An update is available for module.pgaudit, postgresql, pgaudit, module.pg_repack, module.postgres-decoderbufs, pg_repack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is.....
6.8 AI Score
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
5.3 CVSS
6.5 AI Score
0.001 EPSS
[3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 [3.6.8-61] - Security fix for CVE-2023-6597 Resolves: RHEL-33671 [3.6.8-60] - Fix build with expat with fixed CVE-2023-52425 Related:...
7.8 CVSS
7.1 AI Score
0.0005 EPSS
Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8 CVSS
6.8 AI Score
0.0005 EPSS
Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. (CVE-2024-3049) Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2...
5.9 CVSS
6.7 AI Score
0.001 EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
5.9 CVSS
7.2 AI Score
0.001 EPSS
An update is available for booth. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Booth cluster ticket manager is a component to bridge high availability...
5.9 CVSS
7.2 AI Score
0.001 EPSS
(RHSA-2024:3043) Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
7.3 AI Score
0.0004 EPSS
An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Booth cluster ticket manager is a component to bridge high availability...
5.9 CVSS
7.2 AI Score
0.001 EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
5.9 CVSS
7.3 AI Score
0.001 EPSS
[SECURITY] [DLA 3820-1] bluez security update
Debian LTS Advisory DLA-3820-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez May 25, 2024 https://wiki.debian.org/LTS Package : bluez Version : 5.50-1.2~deb10u5 CVE ID :...
7.1 CVSS
6.9 AI Score
0.001 EPSS
(RHSA-2024:3391) Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
6.8 AI Score
0.0005 EPSS
ansible-core bug fix, enhancement, and security update
[2.16.3-2] - rebuild with python 3.12 (RHEL-24141) [2.16.3-1] - ansible-core 2.16.3 release (RHEL-23782) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22123) [2.16.2-1] - ansible-core 2.16.2 release (RHEL-19297) [2.16.1-1] - ansible-core...
5.5 CVSS
6.6 AI Score
0.0004 EPSS
Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS. Packages: mariadb - MariaDB database; mariadb-10.6 - MariaDB database. Details: A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.6.18 in Ubuntu...
4.9 CVSS
6.9 AI Score
0.0005 EPSS
(RHSA-2024:3347) Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.2 AI Score
0.0005 EPSS
(RHSA-2024:3062) Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
6.9 AI Score
0.001 EPSS
[3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...
5.3 CVSS
6.8 AI Score
0.001 EPSS
Exploit for Improper Input Validation in Microsoft
Pachine Python implementation for CVE-2021-42278 (Active...
8.7 AI Score
[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...
8.8 CVSS
7.6 AI Score
EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
FortiGate cve-2024-21762-checker This script is used to check...
9.8 CVSS
7.2 AI Score
0.018 EPSS
Issue Overview: 2024-05-23: CVE-2021-32027 was added to this advisory. 2024-05-23: CVE-2023-5869 was added to this advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of...
8.8 CVSS
8.5 AI Score
0.015 EPSS
Issue Overview: 2024-05-23: CVE-2023-22007 was added to this advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows...
7.5 CVSS
7.6 AI Score
0.002 EPSS
Summary: There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-21085. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
3.7 CVSS
7.2 AI Score
0.001 EPSS
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can...
7.8 CVSS
7 AI Score
0.0004 EPSS
Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can...
7.8 CVSS
6.6 AI Score
0.0004 EPSS
Important: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8 CVSS
6.6 AI Score
EPSS
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.1 CVSS
6.9 AI Score
0.005 EPSS
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
5.5 CVSS
5.6 AI Score
0.0004 EPSS
ruby:3.3 security, bug fix, and enhancement update
ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability...
7.5 AI Score
EPSS
ruby:3.3 security, bug fix, and enhancement update
ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability...
6.5 AI Score
EPSS
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...
9.8 CVSS
9.7 AI Score
0.002 EPSS