SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1813-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1813-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. This update fixes a regression with...
7.2AI Score
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2024-1777)
The remote host is missing an update for the Huawei...
6.9AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2024-1770)
The remote host is missing an update for the Huawei...
6.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for python-pycryptodome (EulerOS-SA-2024-1752)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)
The remote host is missing an update for the Huawei...
6.8AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1740)
The remote host is missing an update for the Huawei...
7AI Score
0.008EPSS
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1768)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1738)
The remote host is missing an update for the Huawei...
6.9AI Score
0.02EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1739)
The remote host is missing an update for the Huawei...
7.1AI Score
0.051EPSS
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1762)
The remote host is missing an update for the Huawei...
7.1AI Score
0.051EPSS
6.7AI Score
0.0005EPSS
7AI Score
0.004EPSS
SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1806-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1806-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...
6.7AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....
8.2AI Score
SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1831-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1831-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...
7.4AI Score
7.1AI Score
0.0004EPSS
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...
7.6AI Score
0.962EPSS
Summary This Security Bulletin addresses security vulnerabilities related to cross-site scripting that have been remediated (CVE-2022-43384, CVE-2022-43575) in IBM Aspera Console 3.4.2 PL6. Vulnerability Details ** CVEID: CVE-2022-43384 DESCRIPTION: **IBM Aspera Console is vulnerable to...
6.7AI Score
Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory (OOM)...
6.4AI Score
0.0004EPSS
Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)....
6.5AI Score
0.0004EPSS
Summary This Security Bulletin addresses security vulnerabilities related to PCRE and PCRE2 library vulnerabilities that have been remediated (CVE-2022-1587, CVE-2019-20838, CVE-2022-1586) in IBM Aspera Console 3.4.2 PL5. Vulnerability Details ** CVEID: CVE-2022-1587 DESCRIPTION: **PCRE2 could...
8.7AI Score
0.01EPSS
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...
7.5AI Score
0.962EPSS
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...
7.4AI Score
Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admin....
6.9AI Score
Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admin....
6.9AI Score
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admin....
6.9AI Score
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admin....
6.9AI Score
Retrieving Deleted Files on the Commodore C64 in 1987
When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school. One day...
7.3AI Score
(RHSA-2024:3475) Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.5 security update
Errata Advisory for Red Hat OpenShift GitOps v1.11.5 Security Fix(es): CVE-2024-31989 argocd: An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port...
7.3AI Score
0.037EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.7AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.8AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
6.6AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
6.6AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
6.8AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
6.7AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
6.6AI Score
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...
7.6CVSS
7.2AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
4.8CVSS
6.7AI Score
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
9.8AI Score
0.001EPSS
(RHSA-2024:3473) Moderate: OpenShift Virtualization 4.14.6 Images security update
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.14.6 images. Security Fix(es): axios: exposure of confidential data stored in cookies (CVE-2023-45857) For more details about the...
7.1AI Score
0.037EPSS
(RHSA-2024:3327) Important: OpenShift Container Platform 4.15.15 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.15. See the following advisory for the RPM...
7.5AI Score
0.0005EPSS
(RHSA-2024:3472) Important: rh-nodejs14 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): rh-nodejs14-nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...
7.2AI Score
0.0004EPSS
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...
6.8AI Score
Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic.....
5.7AI Score
0.001EPSS