Microsoft Office 2007 SP2 And SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, And Microsoft Business Productivity Servers 2010 SP2. Security Vulnerabilities

ptsecurity

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

2.1 AI Score

2024-06-07 12:00 AM
828
ptsecurity

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

2.1 AI Score

2024-06-07 12:00 AM
760
openbugbounty

cfla-acfl.ca Cross Site Scripting vulnerability OBB-3932507

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 06:42 PM
redhatcve

CVE-2023-52882

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other.....

7.2 AI Score

2024-06-02 04:30 PM
1
redhatcve

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

7.2 AI Score

2024-06-02 04:03 PM
1
redhatcve

CVE-2024-36880

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced...

7.3 AI Score

2024-06-02 04:02 PM
1
redhatcve

CVE-2024-36883

In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....

7.1 AI Score

2024-06-02 03:30 PM
1
wolfi

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

9.7 AI Score

0.002 EPSS

2024-06-02 03:23 PM
275
wolfi

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, superset, py3.10-tensorflow-core,...

7.7 AI Score

0.0004 EPSS

2024-06-02 03:23 PM
35
wolfi

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, superset, py3.10-tensorflow-core,...

7.5 AI Score

2024-06-02 03:23 PM
21
wolfi

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

7.5 AI Score

2024-06-02 03:23 PM
132
wolfi

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

7.5 AI Score

2024-06-02 03:23 PM
15
wolfi

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-pipelines, kubeflow-katib, datadog-agent, kubeflow-jupyter-web-app, ggshield, jwt-tool, az, py3-idna, py3.10-tensorflow-core, kubeflow-pipelines-visualization-server, k8s-sidecar,...

6.5 AI Score

2024-06-02 03:23 PM
21
wolfi

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-pipelines, kubeflow-katib, datadog-agent, kubeflow-jupyter-web-app, ggshield, jwt-tool, az, py3-idna, py3.10-tensorflow-core, kubeflow-pipelines-visualization-server, k8s-sidecar,...

7.5 AI Score

2024-06-02 03:23 PM
27
wolfi

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, pytorch, superset, reflex,...

7.5 AI Score

2024-06-02 03:23 PM
8
wolfi

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-urllib3, py3-tensorflow-serving-api,...

7.5 AI Score

2024-06-02 03:23 PM
22
wolfi

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-urllib3, py3-tensorflow-serving-api,...

5.4 AI Score

0.0004 EPSS

2024-06-02 03:23 PM
30
wolfi

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, pytorch, superset, reflex,...

5.6 AI Score

0.0004 EPSS

2024-06-02 03:23 PM
6
wolfi

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, mlflow, jwt-tool, az, py3.10-tensorflow-core, k8s-sidecar,...

7.5 AI Score

2024-06-02 03:23 PM
3
wolfi

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

5.5 AI Score

0.0004 EPSS

2024-06-02 03:23 PM
3
wolfi

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app, py3-urllib3,...

8 AI Score

0.001 EPSS

2024-06-02 03:23 PM
26
wolfi

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

7.7 AI Score

0.001 EPSS

2024-06-02 03:23 PM
11
wolfi

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-jupyter-web-app, mlflow, jwt-tool, az, py3.10-tensorflow-core, k8s-sidecar,...

5.7 AI Score

0.0004 EPSS

2024-06-02 03:23 PM
4
wolfi

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app, py3-urllib3,...

7.5 AI Score

2024-06-02 03:23 PM
14
wolfi

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

7.5 AI Score

2024-06-02 03:23 PM
11
cbl_mariner

CVE-2010-4756 affecting package glibc 2.35-7

CVE-2010-4756 affecting package glibc 2.35-7. This CVE either no longer is or was never...

6.4 AI Score

0.008 EPSS

2024-06-02 03:22 PM
9
cbl_mariner

CVE-2010-4226 affecting package cpio 2.13-5

CVE-2010-4226 affecting package cpio 2.13-5. This CVE either no longer is or was never...

6.8 AI Score

0.003 EPSS

2024-06-02 03:22 PM
7
cbl_mariner

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

6.9 AI Score

0.065 EPSS

2024-06-02 03:22 PM
7
cbl_mariner

CVE-2007-6353 affecting package exiv2 0.28.0-1

CVE-2007-6353 affecting package exiv2 0.28.0-1. No patch is available...

6.4 AI Score

0.021 EPSS

2024-06-02 03:22 PM
3
cbl_mariner

CVE-2010-2642 affecting package t1lib 5.1.2-28

CVE-2010-2642 affecting package t1lib 5.1.2-28. No patch is available...

6.6 AI Score

0.086 EPSS

2024-06-02 03:22 PM
2
cbl_mariner

CVE-2007-1397 affecting package fish 3.6.2-1

CVE-2007-1397 affecting package fish 3.6.2-1. This CVE either no longer is or was never...

6.5 AI Score

0.171 EPSS

2024-06-02 03:22 PM
9
cbl_mariner

CVE-2007-1397 affecting package fish 3.1.2-4

CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...

7.5 AI Score

0.171 EPSS

2024-06-02 03:22 PM
2
cbl_mariner

CVE-2007-3205 affecting package php 8.1.28-1

CVE-2007-3205 affecting package php 8.1.28-1. No patch is available...

6.7 AI Score

0.065 EPSS

2024-06-02 03:22 PM
49
cbl_mariner

CVE-2010-4226 affecting package cpio 2.13-3

CVE-2010-4226 affecting package cpio 2.13-3. This CVE either no longer is or was never...

7.5 AI Score

0.003 EPSS

2024-06-02 03:22 PM
cbl_mariner

CVE-2007-4559 affecting package python3 3.7.16-1

CVE-2007-4559 affecting package python3 3.7.16-1. No patch is available...

8.1 AI Score

0.025 EPSS

2024-06-02 03:22 PM
1
cbl_mariner

CVE-2010-4756 affecting package glibc 2.28-24

CVE-2010-4756 affecting package glibc 2.28-24. This CVE either no longer is or was never...

7.5 AI Score

0.008 EPSS

2024-06-02 03:22 PM
2
redhatcve

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

7 AI Score

2024-06-02 03:00 PM
1
cvelist

CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

7.6 AI Score

2024-06-02 03:00 PM
githubexploit

Exploit for Type Confusion in Google Chrome

Chrome Renderer 1day RCE via Type Confusion in Async Stack...

7.7 AI Score

0.001 EPSS

2024-06-02 02:15 PM
9
cvelist

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...

7.2 AI Score

2024-06-02 01:24 PM
2
cvelist

CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...

7.3 AI Score

2024-06-02 01:23 PM
1
githubexploit

Exploit for CVE-2024-24919

CVE-2024-24919-POC Read about it -...

7.5 AI Score

0.019 EPSS

2024-06-02 01:09 PM
6
openbugbounty

dotnet-webinare.de Cross Site Scripting vulnerability OBB-3932499

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 01:06 PM
2
openbugbounty

dotnet-essentials.de Cross Site Scripting vulnerability OBB-3932498

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 01:01 PM
2
openbugbounty

angular-workshops.de Cross Site Scripting vulnerability OBB-3932497

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 12:59 PM
1
openbugbounty

codecommunity.de Cross Site Scripting vulnerability OBB-3932496

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 12:57 PM
2
openbugbounty

windows-developer-college.de Cross Site Scripting vulnerability OBB-3932495

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 12:50 PM
1
openbugbounty

dotnetcore.de Cross Site Scripting vulnerability OBB-3932494

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-06-02 12:46 PM
1
kitploit

EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises

EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...

7 AI Score

2024-06-02 12:30 PM
3
cvelist

CVE-2024-2178 Path Traversal Vulnerability in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the...

6.8 AI Score

2024-06-02 10:52 AM
4
Total number of security vulnerabilities: 2604143