The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
0d023ff3fbdec617768ea5977fd3bb6702dfef4ae595da9a5bbc6ecc6ac9e575
Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.
0833ffba4bae800112f39bda1a9de1cfd5e670b6c7f675b6d89f769e4de4aba7
Tramyardg Autoexpress version 1.3.0 suffers from a persistent cross site scripting vulnerability.
e5d38e6f27165a96b83eb9ff1357086d82ad45bbc6a91a8b4f1d9aa5f2e996a5
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.
a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2eca
Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.
b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
2faf30a7c965ee27488aa615351736f44a121eeb9316eea19a0fa4904265c2c5
SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflective and persistent cross site scripting vulnerabilities.
2c4b91b7d1d00b6f2ac89af364e77b2b0d2b76306c60a890dee33e814441c2dc
Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cd96d379383fd6bc85ab4e185183931ea6b236dd9b5c004203a06f94f9bd9b70
Red Hat Security Advisory 2024-1368-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.
7ac9cb861adfb1b5f52de9bf2effe73d4b5b5dec15a91acaa062ae519c8923d4
Red Hat Security Advisory 2024-1367-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
eee1790f56150cef36bb60906d923ce202c9baacbe3a1cb772672f1b0d1cccbd
Red Hat Security Advisory 2024-1354-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.
ff60a560dd028d74ad40ae65cf42e212549e57126cbd15bb0c1eb90639afd8d1
Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
08b4e847d08dda831c59a07de21c73b00e7633dffb2b64b53231e10e1582e374
Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.
540b7b318053beca6c43ca6421f58215e773d779e7565d7f8f9ce37a4534795f
Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.
14ca96f0778716067a0fd01e90283cd0c4b4c9ae95ab2ef80f68617412beec80
Red Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
deeb75081668151356b5819e0c3c816565bd06d4cde4092321e55c63446fff67
Red Hat Security Advisory 2024-1318-03 - An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
ccd1b28c9aee226c114d792746a7fab0634a491860a7089d7537686112c22c88
Red Hat Security Advisory 2024-1317-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include buffer overflow, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.
f294fa960eaa587cdc822bf85f430e02ab8f0e2a474d3eea8a845e287ccba797
Red Hat Security Advisory 2024-1316-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include cross site scripting, information leakage, and out of bounds read vulnerabilities.
d3c2a05ee1dd54a907b571ffbc3225f134472eba748786b00d048f19d0a52a7f
Red Hat Security Advisory 2024-1255-03 - Red Hat OpenShift Container Platform release 4.15.3 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a traversal vulnerability.
b163ce4d15a08d83e70733cbe4650f61ffd213b96109c2bd8dc96610cd336ea2
Red Hat Security Advisory 2024-0722-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
586285abd6aaccc491b4d68f1e30e047d6221a0a7bb529ace5f3b15941992b4c
Ubuntu Security Notice 6700-1 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
2c7355c5b5d096d3837750dde9769934b471e8730c5ae98b584551bed8fee54c
Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.
0aa128553cbd5a516cc713b76e3dc3f366da8678b4aba8459dee773880a5c164
Ubuntu Security Notice 6699-1 - Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service. It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
741ef8ab62e9bd28635067dd14c486e47aa528483cb49a6add77447f74408506
Backdrop CMS version 1.23.0 suffers from a persistent cross site scripting vulnerability.
4bb3b15e6793b35f154b25b1c1a126cba8e1b8b14114a15a508636cb6bed357f
ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability.
1214b8dd5cc3e41afef6bf3970934bdc17fe4f69cdd2f486c163cc06c6903f65