Oracle Linux 9 : python3.11 (ELSA-2024-4077)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4077 advisory. - Security fix for CVE-2023-6597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
7.8CVSS
7.6AI Score
0.0004EPSS
RHEL 7 : kernel (RHSA-2024:4098)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...
6.8CVSS
7.5AI Score
0.0004EPSS
7AI Score
0.0004EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...
7AI Score
EPSS
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
0.0004EPSS
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
6.5AI Score
0.0004EPSS
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
6.7AI Score
0.0004EPSS
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key...
6.7AI Score
0.0004EPSS
CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
0.0004EPSS
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
7.8CVSS
8.6AI Score
0.879EPSS
io.github.classgraph:classgraph is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of external entities during XML processing, which can result in XML External Entity (XXE) injection attacks that can expose sensitive data or execute malicious...
7.1AI Score
0.0004EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: * python-yaql: a library that contains a large set of commonly used functions * openstack-tripleo-heat-templates: Heat...
7AI Score
0.0004EPSS
Oracle Linux 9 : libreswan (ELSA-2024-4050)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4050 advisory. [4.12-2.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.1] - Fix CVE-2024-3652 (RHEL-40102) Tenable has extracted the preceding...
6.7AI Score
0.0004EPSS
9.8CVSS
7.5AI Score
0.001EPSS
Oracle Linux 8 : python3.11 (ELSA-2024-4058)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4058 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
7.8CVSS
7.5AI Score
0.0005EPSS
SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has extracted the preceding description...
7AI Score
0.0004EPSS
RHEL 8 : python3.11 (RHSA-2024:4058)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
7.8CVSS
7.4AI Score
0.0005EPSS
RHEL 9 : pki-core (RHSA-2024:4051)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.8AI Score
0.0004EPSS
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...
7.5CVSS
7.3AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2024:2171-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2171-1 advisory. - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Tenable has extracted the...
7.3CVSS
7.3AI Score
0.003EPSS
RHEL 9 : libreswan (RHSA-2024:4050)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn (Green Unicorn) is a Python WSGI HTTP server for UNIX. Security Fix(es): * HTTP Request Smuggling due to improper validation of...
7.5CVSS
7.7AI Score
0.0004EPSS
RHEL 9 : dnsmasq (RHSA-2024:4052)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...
7.5CVSS
6.9AI Score
0.003EPSS
RHEL 8 : thunderbird (RHSA-2024:4063)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
8.2AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2180-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2180-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...
6.8AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...
7.5CVSS
6AI Score
0.001EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.8AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
RHEL 6 : quarkus-core (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700) Note that Nessus has...
7CVSS
6.8AI Score
0.0004EPSS
RHEL 6 : netty-codec-http (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025) Note that Nessus has not...
5.3CVSS
6.9AI Score
0.0004EPSS
SUSE SLES15 Security Update : vte (SUSE-SU-2024:2152-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2152-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....
6.8AI Score
0.0004EPSS
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of...
7.5CVSS
6.4AI Score
0.0005EPSS
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...
6.8AI Score
0.0004EPSS
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...
6.5AI Score
0.0004EPSS
0.0004EPSS
6.5AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...
8.8CVSS
9.4AI Score
0.0004EPSS
RHEL 8 : thunderbird (RHSA-2024:4036)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
8.8CVSS
7.1AI Score
0.0004EPSS
Oracle Linux 9 : nghttp2 (ELSA-2024-3501)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....
7.5CVSS
6.2AI Score
0.005EPSS
0.0004EPSS
Oracle Linux 8 : thunderbird (ELSA-2024-4036)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4036 advisory. [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to...
7.3AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...
6.9AI Score
0.0004EPSS
RHEL 8 : ovn-2021 (RHSA-2024:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
6.5CVSS
6.9AI Score
0.0005EPSS
7.5AI Score
0.0004EPSS
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...
7.6CVSS
7.8AI Score
0.001EPSS