SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2061-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2061-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....
7.7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:2065-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2065-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with...
6.9AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.30 (RHSA-2024:3918)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3918 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
5.9CVSS
6.2AI Score
0.963EPSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.001EPSS
Oracle Linux 7 : glibc (ELSA-2024-12444)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
9.8CVSS
9.7AI Score
0.009EPSS
Exploit for Improper Input Validation in Microsoft
About CVE-2024-30078 and the Corresponding KB Update...
8.3AI Score
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...
9.8CVSS
6.9AI Score
EPSS
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...
7.3AI Score
How are attackers trying to bypass MFA?
In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...
8.1AI Score
The Annual SaaS Security Report: 2025 CISO Plans and Priorities
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....
7.2AI Score
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...
5.7CVSS
5.4AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3969)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3969 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : container-tools:rhel8 update (Moderate) (RHSA-2024:3968)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3968 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...
4.9CVSS
5.3AI Score
0.0005EPSS
RHEL 7 : flatpak (RHSA-2024:3980)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...
8.4CVSS
8.6AI Score
0.0004EPSS
Nextcloud Server is prone to an improper access control ...
3.5CVSS
7AI Score
0.0004EPSS
Oracle Linux 8 : flatpak (ELSA-2024-3961)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3961 advisory. - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has.....
8.4CVSS
8.3AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.05EPSS
Oracle Linux 9 : firefox (ELSA-2024-3955)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3955 advisory. [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 Tenable has...
7.5AI Score
0.0004EPSS
RHEL 9 : flatpak (RHSA-2024:3970)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...
6.5CVSS
6.2AI Score
0.006EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of...
7.5CVSS
6.8AI Score
0.001EPSS
RHEL 8 : firefox (RHSA-2024:3972)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8AI Score
0.0004EPSS
5.3CVSS
6.6AI Score
0.001EPSS
7.1AI Score
0.0004EPSS
5.3CVSS
5.7AI Score
0.001EPSS
Oracle Linux 7 : flatpak (ELSA-2024-3980)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. [1.0.9-13] - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not.....
8.4CVSS
8.2AI Score
0.0004EPSS
Nextcloud Server is prone to an improper authentication ...
7.3CVSS
7AI Score
0.0004EPSS
6.7AI Score
EPSS
K000140042: libldap vulnerability CVE-2020-15719
Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....
4.2CVSS
6.4AI Score
0.002EPSS
SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:2043-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2043-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may...
7.3AI Score
0.0004EPSS
Oracle Linux 9 : flatpak (ELSA-2024-3959)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3959 advisory. [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that.....
8.4CVSS
8.3AI Score
0.0004EPSS
SUSE SLES15 Security Update : bind (SUSE-SU-2024:2033-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2033-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed...
7.5CVSS
8.1AI Score
0.05EPSS
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2035-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2035-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....
6.6AI Score
EPSS
This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this...
7.8CVSS
7.5AI Score
0.012EPSS
RHEL 8 : flatpak (RHSA-2024:3979)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3979 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
Oracle Linux 8 : firefox (ELSA-2024-3954)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3954 advisory. [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.12.0-1] - Update to 115.12.0 build1 Tenable has...
7.4AI Score
0.0004EPSS
Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST service, which listens on TCP port 443 by...
9CVSS
7.2AI Score
0.971EPSS
6.7AI Score
EPSS
6.5CVSS
5.7AI Score
0.006EPSS
Oracle Linux 8 : glibc (ELSA-2024-12440)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)....
4.8AI Score
0.0005EPSS
Oracle Linux 7 : glibc (ELSA-2024-12442)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12442 advisory. - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: April-28-2023...
9.8CVSS
10AI Score
0.009EPSS
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM...
5.9CVSS
6.7AI Score
EPSS
Summary IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy...
7.6AI Score
EPSS
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...
7.9AI Score
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
3.8AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2039-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2039-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has...
5.3CVSS
5.3AI Score
0.001EPSS
RHEL 8 : firefox (RHSA-2024:3952)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3961)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3962)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
7.4AI Score
0.0004EPSS