AI Score 7.4
About the security content of tvOS 17.5
About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
AI Score 6.3
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
AI Score 6.3
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
CVSS 5.5
AI Score 6.5
EPSS 0.0004
About the security content of macOS Sonoma 14.5
About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
CVSS 5.5
AI Score 8
EPSS 0.001
CVSS 10
AI Score 7.4
EPSS 0.002
About the security content of iOS 16.7.8 and iPadOS 16.7.8
About the security content of iOS 16.7.8 and iPadOS 16.7.8 This document describes the security content of iOS 16.7.8 and iPadOS 16.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
CVSS 7.8
AI Score 7.8
EPSS 0.001
JVN#28869536: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail (CWE-231) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API (CWE-201)...
AI Score 7
About the security content of Safari 17.5
About the security content of Safari 17.5 This document describes the security content of Safari 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available......
AI Score 5.6
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
CVSS 5.5
AI Score 7.7
EPSS 0.001
AI Score 6.5
GLSA-202405-32 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-32 (Mozilla Thunderbird: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...
AI Score 7.8
AI Score 10
Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability.....
CVSS 7.5
AI Score 10
EPSS 0.962
Security Bulletin: IBM Storage Fusion is vulnerable to directory traversal due to beego.
Summary Beego is used by IBM Storage Fusion as part of the User Interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in...
CVSS 9.8
AI Score 9.7
EPSS 0.002
Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.
Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw.....
CVSS 9.8
AI Score 9.7
EPSS 0.002
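The two bulletins above (CVE-2022-31836, CVE-2022-31259) concern directory traversal in the Beego framework that the Fusion user interface is built on; their text is cut off before it says where the flaw lies, so the code below is an added example of the vulnerability class in general, not Beego's or IBM's code. It is written in Python rather than Beego's Go because the pattern is identical in any language: the unsafe resolver joins the request path onto the document root and serves whatever comes back, the hardened one decodes once, resolves the path fully and then proves containment. The document root and the request paths are constructed for the demonstration.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the demonstration; it does not need to exist.
STATIC_ROOT = "/srv/app/static"


def naive_resolve(root: str, request_path: str) -> str:
    """The vulnerable pattern: glue the URL path onto the root and normalise.

    Nothing checks that the result is still under root, so '../' segments in
    the request walk straight out of the document root.
    """
    return os.path.normpath(os.path.join(root, request_path.lstrip("/")))


def safe_resolve(root: str, request_path: str) -> Optional[str]:
    """Hardened resolver: the filesystem path to serve, or None to reject.

    Containment is checked on the fully resolved path with commonpath, not
    with a string-prefix test, which a sibling such as /srv/app/static2
    would slip past.
    """
    root = os.path.realpath(root)
    # Decode exactly once. Decoding twice would turn %252e%252e back into '..'.
    decoded = unquote(request_path)
    # A NUL byte truncates the name in C-backed file APIs; never pass it on.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so '..\\..\\' cannot dodge the check on
    # platforms or libraries that accept them as path separators.
    decoded = decoded.replace("\\", "/")
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # realpath has already collapsed '.' and '..' and followed symlinks, so a
    # candidate outside root shares only a shorter common prefix with it.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed requests: one legitimate, the rest traversal attempts.
SAMPLE_REQUESTS = [
    "css/../js/app.js",
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "..\\..\\..\\etc\\passwd",
    "css/app.css%00.png",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:40} naive -> {naive_resolve(STATIC_ROOT, req)!r}")
        print(f"{'':40} safe  -> {safe_resolve(STATIC_ROOT, req)!r}")
```

Run it and the naive resolver hands back /etc/passwd for the second request while the hardened one rejects everything except the first; the percent-encoded and backslash variants exist precisely to get past filters that only look for a literal `../` in the raw request.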
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details ** CVEID:...
CVSS 7.5
AI Score 8.9
EPSS 0.052
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details ** CVEID: CVE-2024-23829 DESCRIPTION:...
CVSS 7.5
AI Score 8.6
EPSS 0.052
Summary commons-compress and ion-java are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is...
CVSS 7.5
AI Score 6.1
EPSS 0.001
Summary commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress...
CVSS 7.5
AI Score 6.1
EPSS 0.001
Summary follow-redirects is used by IBM Storage Fusion as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...
CVSS 6.1
AI Score 6.7
EPSS 0.001
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...
CVSS 6.5
AI Score 7.1
EPSS 0.001
Summary Python packages Pypa, Pallet Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION:.....
CVSS 8.1
AI Score 9.8
EPSS 0.005
Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.
Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details ** CVEID: CVE-2023-5408 DESCRIPTION: **OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in...
CVSS 7.2
AI Score 6.3
EPSS 0.001
Summary Golang Go's net/http and x/net/http2 packages are used by IBM Storage Fusion as part of its user interface and may be affected by the CVE listed below. CVE-2023-45288. Vulnerability Details ** CVEID: CVE-2023-45288 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused...
AI Score 7.5
EPSS 0.0004
Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details ** CVEID: CVE-2023-43040 DESCRIPTION: **IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph...
AI Score 6.2
Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade
By Deeba Ahmed Confused Latvians woke up to the Russian Victory Day parade on their TVs! Hackers targeted a content delivery network to manipulate broadcasts exposing media supply chain vulnerabilities. This is a post from HackRead.com Read the original post: Latvian TV Channels Hacked to...
AI Score 7.2
Microsoft Deploys Generative AI for US Spies
Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million...
AI Score 7.3
Get Weekends Back: Put Chrome CVEs like CVE-2024-4671 on Auto-Patching
On May 9th, Google released an emergency update for its Chrome browser to patch a high-severity zero-day vulnerability, CVE-2024-4671, a use-after-free in the Visuals component of Chrome, which is responsible for rendering and displaying content. CVE-2024-4671 was identified and.....
AI Score 6.6
EPSS 0.0004
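The post above makes the case for auto-patching rather than chasing each Chrome CVE by hand; until a fleet is actually on auto-update, the check that still matters is whether each installed build predates the fixed one. The script below is an added example, not code from the post or from Google. It assumes, from Google's 9 May 2024 stable-channel notes, that the fix shipped as build 124.0.6367.201 on Linux (Windows and macOS got .201/.202), so that value should be re-verified before use; the inventory format and its entries are constructed for the demonstration, and the local-binary lookup only covers the usual Linux executable names.

```python
import re
import shutil
import subprocess
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Assumption made for this example (verify against Google's release notes):
# the 9 May 2024 stable update fixing CVE-2024-4671 shipped as 124.0.6367.201
# on Linux and 124.0.6367.201/.202 on Windows and macOS. Anything below the
# .201 build is treated as unpatched.
FIXED_CHROME_VERSION: Version = (124, 0, 6367, 201)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(banner: str) -> Optional[Version]:
    """Extract the four-part build from text such as 'Google Chrome 124.0.6367.118'
    or 'Chromium 125.0.6422.60'. Returns None when no version is present."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), int(m.group(4))


def is_patched(version: Version, fixed: Version = FIXED_CHROME_VERSION) -> bool:
    """Tuple comparison is what makes this right: 124.0.6367.99 is older than
    124.0.6367.201, although as strings '99' sorts after '201'."""
    return version >= fixed


def local_chrome_version() -> Optional[Version]:
    """Ask the locally installed browser for its version; None if not installed."""
    for binary in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(binary)
        if path is None:
            continue
        proc = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=15)
        return parse_chrome_version(proc.stdout)
    return None


def unpatched_hosts(inventory: Iterable[str], fixed: Version = FIXED_CHROME_VERSION) -> List[str]:
    """Hosts whose reported Chrome build predates the fix. Lines are
    'hostname<TAB>version banner' (a constructed format for this example).
    A host whose banner cannot be parsed is flagged as well: an unknown
    version is not evidence that the patch is in place."""
    flagged = []
    for line in inventory:
        host, _, banner = line.partition("\t")
        version = parse_chrome_version(banner)
        if version is None or not is_patched(version, fixed):
            flagged.append(host)
    return flagged


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    "ws-01\tGoogle Chrome 124.0.6367.118",
    "ws-02\tGoogle Chrome 124.0.6367.201",
    "ws-03\tGoogle Chrome 124.0.6367.99",
    "ws-04\tChromium 125.0.6422.60",
    "ws-05\tnot installed",
]

if __name__ == "__main__":
    print("needs update:", unpatched_hosts(SAMPLE_INVENTORY))
    print("this machine:", local_chrome_version())
```

The unparseable host is deliberately reported alongside the old builds: a version check that silently skips hosts it cannot read will undercount exposure exactly where inventory data is weakest.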
RHEL 7 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) libxml2:...
AI Score 9.5
RHEL 7 : imagemagick (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c ...
AI Score 8.1
RHEL 6 : krb5-appl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp...
AI Score 7.1
RHEL 6 : c-ares (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. c-ares: Single byte out of buffer write (CVE-2016-5180) The c-ares function ares_parse_naptr_reply(),...
AI Score 7.7
RHEL 6 : gthumb (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gthumb: DoS via malformed JPEG image (CVE-2020-36427) Note that Nessus has not tested for this issue but has instead...
AI Score 5.9
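The "Unpatched Vulnerability" entries on this page are statements about installed package builds rather than about behaviour observed on the host, and reproducing such a judgement yourself comes down to comparing RPM version strings correctly, which plain string or float comparison gets wrong (1.10 versus 1.9, 1.0~rc1 versus 1.0, 1.8.6p3 versus 1.8.6p4). The code below is an added example, not Tenable's plugin logic or Red Hat's code: a Python port of rpm's rpmvercmp(), applied to constructed output of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'` against thresholds that are made up for the demonstration and are not Red Hat's actual fixed builds.

```python
import re
import string
from typing import Dict, List, Tuple

_ALNUM = set(string.ascii_letters + string.digits)
_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare version/release strings as rpm's rpmvercmp() does: 1 if a is
    newer, -1 if b is newer, 0 if equivalent. Digit runs compare by value,
    letter runs lexically, a digit run beats a letter run, anything else is a
    separator. '~' sorts before the end of the string (1.0~rc1 < 1.0) and '^'
    sorts after it but before any further segment (1.0 < 1.0^git1 < 1.0.1)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _ALNUM and a[i] not in "~^":
            i += 1
        while j < len(b) and b[j] not in _ALNUM and b[j] not in "~^":
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if a_tilde and b_tilde:
                i, j = i + 1, j + 1
                continue
            return 1 if b_tilde else -1  # the side with '~' is the older one
        a_caret, b_caret = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if a_caret or b_caret:
            if a_caret and b_caret:
                i, j = i + 1, j + 1
                continue
            if i >= len(a) or j >= len(b):
                return -1 if i >= len(a) else 1  # bare version < ^snapshot
            return 1 if b_caret else -1  # ^snapshot < any further segment
        if i >= len(a) or j >= len(b):
            break
        is_num = a[i] in string.digits
        pattern = _DIGITS if is_num else _ALPHA
        seg_a = pattern.match(a, i).group(0)
        match_b = pattern.match(b, j)
        if match_b is None:
            return 1 if is_num else -1  # different kinds: the numeric run is newer
        seg_b = match_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if is_num:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever still has segments is newer


def split_evr(evr: str) -> Tuple[str, str, str]:
    """'EPOCH:VERSION-RELEASE' -> (epoch, version, release). rpm prints
    '(none)' for a missing epoch; that, or no epoch at all, means 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch in ("", "(none)"):
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Epoch first, then version, then release, each via rpmvercmp."""
    for x, y in zip(split_evr(a), split_evr(b)):
        result = rpmvercmp(x, y)
        if result:
            return result
    return 0


def find_unpatched(rpm_qa_output: str, minimum_fixed: Dict[str, str]) -> List[str]:
    """Names of installed packages whose EVR is older than their threshold."""
    flagged = []
    for line in rpm_qa_output.splitlines():
        name, _, evr = line.partition(" ")
        if name in minimum_fixed and compare_evr(evr, minimum_fixed[name]) < 0:
            flagged.append(name)
    return flagged


# Constructed output of: rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'
RPM_QA_OUTPUT = """\
c-ares (none):1.10.0-3.el6
giflib (none):4.1.6-3.1.el6
sudo (none):1.8.6p3-29.el6_10
bash (none):4.1.2-48.el6
"""

# Constructed thresholds for the demonstration only; not Red Hat's real builds.
MINIMUM_FIXED: Dict[str, str] = {
    "c-ares": "0:1.10.0-4.el6",
    "giflib": "0:4.1.6-4.el6",
    "sudo": "0:1.8.6p3-29.el6_10",
}
```

Querying with an explicit `--qf` format is deliberate: parsing the default `rpm -qa` output is unreliable because package names may themselves contain hyphens, whereas the epoch, version and release fields never do. When a vendor says a package will not be patched, there is by definition no threshold to compare against, and the comparison is only useful for confirming which installed build you are carrying or for checking a backport you maintain yourself.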
RHEL 7 : mysql-connector-java (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) (CVE-2017-3523) ...
AI Score 7.4
AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
AI Score 7
RHEL 6 : gdk-pixbuf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gdk-pixbuf: Out-of-bounds write in OneLine32() function (CVE-2016-6352) Integer overflow in io-ico.c in...
AI Score 9.8
RHEL 8 : cairo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c (CVE-2019-6462) cairo...
AI Score 7.7
RHEL 6 : giflib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool (CVE-2020-23922) giflib:...
AI Score 8.4
RHEL 5 : evince (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution ...
AI Score 8.6
RHEL 7 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: heap-based buffer overflow related to the ReadJPEG function (CVE-2017-8358) LibreOffice...
AI Score 8.4
RHEL 6 : qemu (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Memory leak in hw/watchdog/wdt_i6300esb.c in...
AI Score 7.6
RHEL 7 : freerdp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu (CVE-2017-2835) freerdp: Integer Overflow leading to...
AI Score 8.6
RHEL 7 : docker (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. docker: IPv6 router advertisements allow for MitM attacks (CVE-2020-13401) docker: cli leaks private...
AI Score 7.8
RHEL 7 : opencv (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. opencv: out-of-bounds write error in the function FillColorRow4 (CVE-2017-12606) OpenCV 3.0.0 has a...
AI Score 9.5
RHEL 6 : chromium-browser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chromium-browser: Heap buffer overflow in clipboard (CVE-2020-16025) chromium-browser: Out of bounds...
AI Score 9.6
RHEL 5 : gdk-pixbuf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gdk-pixbuf: heap-based overflow caused by invalid palette size (CVE-2017-12447) Integer overflow in...
AI Score 7.8
RHEL 7 : glib2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c ...
AI Score 7.3
RHEL 7 : optipng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. optipng: heap buffer overflow in the bmp_read_rows function (CVE-2016-3981) optipng: heap buffer...
AI Score 8.6
RHEL 6 : sudo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sudo: by using ! character in the shadow file instead of a password hash can access to a run as all...
AI Score 8.4