Microsoft Windows Multiple Vulnerabilities (KB5039225)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.2AI Score
0.003EPSS
Microsoft Windows Multiple Vulnerabilities (KB5039212)
This host is missing an important security update according to Microsoft...
9.8CVSS
7.2AI Score
0.003EPSS
8CVSS
7.5AI Score
EPSS
7.8CVSS
7.5AI Score
0.001EPSS
8CVSS
7.5AI Score
0.0004EPSS
5.5CVSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
4.4CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.0004EPSS
Amazon Linux 2 : postgresql (ALAS-2024-2567)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2567 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to...
8.8CVSS
9.1AI Score
0.015EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.4AI Score
0.001EPSS
Amazon Linux 2 : thunderbird (ALAS-2024-2561)
The version of thunderbird installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2561 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the...
9.1AI Score
0.0004EPSS
SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2024:1982-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1982-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) -...
7.5CVSS
7.6AI Score
0.05EPSS
Microsoft Outlook 2016 Remote Code Execution Vulnerability (KB5002600)
This host is missing an important security update according to Microsoft...
8.8CVSS
7.2AI Score
0.001EPSS
Microsoft Office 2016 Multiple Remote Code Execution Vulnerabilities (KB5002591)
This host is missing an important security update according to Microsoft...
7.8CVSS
7.2AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:1976-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1976-1 advisory. - Update to version 2.44.2 (bsc#1225071) - CVE-2024-27834: Fixed a vulnerability where an attacker with...
8.8CVSS
7.6AI Score
0.001EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1990-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). -...
7.8CVSS
7AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.05EPSS
7.5CVSS
7.5AI Score
0.05EPSS
8.8CVSS
7.5AI Score
0.001EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1979-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1979-1 advisory. The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
7.8CVSS
7.9AI Score
0.001EPSS
Oracle Linux 9 : containernetworking-plugins (ELSA-2024-3831)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3831 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
7.1AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2024:1980-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1980-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding...
2.9CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : glibc (SUSE-SU-2024:1977-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1977-1 advisory. - nscd: Release read lock after resetting timeout - nscd: Fix use-after-free in addgetnetgrentX (BZ #23520) - CVE-2024-33599; nscd:....
8.3AI Score
0.0005EPSS
RHEL 8 : protobuf-c (RHSA-2024:3812)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fix(es): * protobuf-c: unsigned integer overflow in...
5.5CVSS
7AI Score
0.0004EPSS
RHEL 9 : c-ares (RHSA-2024:3842)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3842 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: Out of...
4.4CVSS
5.6AI Score
0.0004EPSS
RHEL 9 : kernel (RHSA-2024:3855)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SVM: improper check...
7.8CVSS
7.7AI Score
0.001EPSS
SUSE SLES12 Security Update : unrar (SUSE-SU-2024:1975-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1975-1 advisory. - CVE-2024-33899: Fixed a denial of service via ANSI escape squences. (bsc#1225661) Tenable has extracted the preceding description block...
7.4AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.15.17 (RHSA-2024:3676)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3676 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
8.1CVSS
8.3AI Score
0.0004EPSS
Microsoft Windows Multiple Vulnerabilities (KB5039217)
This host is missing an important security update according to Microsoft...
9.8CVSS
7.2AI Score
0.003EPSS
SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2024:1974-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1974-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related...
9.8CVSS
7.2AI Score
0.001EPSS
Patch Tuesday, June 2024 “Recall” Edition
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....
9.8CVSS
8.9AI Score
0.003EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.001EPSS
Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...
6.5CVSS
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....
8.1AI Score
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...
5.3CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of...
6.8AI Score
0.0004EPSS
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
9.1AI Score
0.0004EPSS
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
0.0004EPSS
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
0.0004EPSS
[SECURITY] [DSA 5707-1] vlc security update
Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...
7.3AI Score
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely...
8.1CVSS
6.2AI Score
0.0004EPSS
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely...
8.1CVSS
0.0004EPSS
CVE-2024-4190 OpenText ArcSight Logger Stored XSS
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely...
8.1CVSS
0.0004EPSS
linux-intel-iotg-5.15 vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
8CVSS
8.2AI Score
EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31881 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS