RHEL 6 : mdadm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mdadm: Buffer overflow (CVE-2023-28736) Uncontrolled resource consumption in some Intel(R) SSD Tools...
5.9AI Score
0.0004EPSS
RHEL 7 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-pillow: Buffer overflow in image convert function (CVE-2021-34552) Buffer overflow in the...
9AI Score
0.073EPSS
RHEL 6 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326) wpa_supplicant: EAP-pwd...
8AI Score
0.01EPSS
SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP4) (SUSE-SU-2024:1596-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1596-1 advisory. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to...
7.8CVSS
8AI Score
0.002EPSS
RHEL 6 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) wget:...
7.8AI Score
0.955EPSS
RHEL 6 : hw (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900) ...
8.1AI Score
EPSS
RHEL 7 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177) python: XML...
8.9AI Score
0.038EPSS
openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1607-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1607-1 advisory. An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287) An issue was...
9.1CVSS
7.3AI Score
0.004EPSS
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
EPSS
RHEL 5 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...
10AI Score
0.969EPSS
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...
8.4AI Score
0.102EPSS
RHEL 6 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: Non-privileged session can escape to the parent session in chroot (CVE-2016-2781) In GNU...
5.8AI Score
0.0004EPSS
RHEL 8 : less (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. less: crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal ...
7.5AI Score
0.002EPSS
RHEL 8 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...
7AI Score
0.013EPSS
RHEL 8 : r (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...
7AI Score
0.002EPSS
RHEL 7 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: arbitrary command execution via VCS path (CVE-2018-7187) golang: Command-line arguments may...
10AI Score
0.379EPSS
RHEL 5 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: mXSS due to the use of improper parser (CVE-2020-27783) An issue was discovered in lxml...
6.7AI Score
0.013EPSS
CVE-2024-4044 Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...
7.8CVSS
7.5AI Score
0.001EPSS
CVE-2024-4044 Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...
7.8CVSS
8AI Score
0.001EPSS
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty
CVE-2024-31497 POC This vulnerability exploits the biased...
5.9CVSS
5.6AI Score
0.002EPSS
Dell notifies customers about data breach
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer...
7.5AI Score
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and...
10CVSS
6.1AI Score
0.967EPSS
SUSE SLES15 Security Update : kernel (Live Patch 39 for SLE 15 SP2) (SUSE-SU-2024:1581-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1581-1 advisory. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to...
7.8CVSS
8.1AI Score
0.002EPSS
Fedora 38 : kernel (2024-e513c6594d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e513c6594d advisory. The 6.8.9 stable kernel update contains a number of important fixes across the tree. (FEDORA-2024-e513c6594d) Note that Nessus has not tested for this...
7.3AI Score
SUSE SLES15 Security Update : kernel (Live Patch 39 for SLE 15 SP3) (SUSE-SU-2024:1580-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1580-1 advisory. A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to...
7.8CVSS
7.7AI Score
0.002EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...
9.8CVSS
9.7AI Score
EPSS
Rockwell Automation ControlLogix and GuardLogix (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...
8.6CVSS
8.7AI Score
0.0004EPSS
alpitronic Hypercharger EV Charger
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...
7.6AI Score
0.0004EPSS
Rockwell Automation FactoryTalk Historian SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Historian SE Vulnerabilities: Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...
7.5CVSS
7.3AI Score
0.001EPSS
Delta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code...
10CVSS
8AI Score
0.964EPSS
[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39
This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...
8.8CVSS
8.8AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38
This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...
8.8CVSS
8.8AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6770-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
7.3AI Score
SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP3) (SUSE-SU-2024:1558-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1558-1 advisory. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to...
7.8CVSS
8.1AI Score
0.002EPSS
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
7.8CVSS
7AI Score
0.002EPSS
7.4AI Score
7.4AI Score
9.8CVSS
7.4AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:1554-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1554-1 advisory. A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to...
7.8CVSS
7.6AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Spreadsheet::ParseXLSX vulnerabilities (USN-6769-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6769-1 advisory. The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted...
6.5CVSS
7.4AI Score
0.001EPSS
Oracle Linux 9 : kernel (ELSA-2024-2758)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2758 advisory. hw: amd: Instruction raise #VC exception at exit (CVE-2024-25742, CVE-2024-25743) A Marvin vulnerability side-channel leakage was found in the RSA...
6.5CVSS
6.5AI Score
EPSS
R Programming Language 1.4.0 < 4.4.0 Insecure Deserialization
The version of the R Programming Language running on the remote host is 1.4.0 or later, before 4.4.0. It is, therefore, affected by an insecure deserialization vulnerability. Deserialization of untrusted data can occur, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R.....
8.8CVSS
7.9AI Score
0.0004EPSS
Fedora 39 : R (2024-07b7b83a4f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
8AI Score
0.0004EPSS
Fedora 38 : R (2024-bc590cb3f1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
7.4AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 40 for SLE 15 SP3) (SUSE-SU-2024:1562-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1562-1 advisory. A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to...
7.8CVSS
7.7AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GLib vulnerability (USN-6768-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6768-1 advisory. An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus- based client...
6.4AI Score
0.0004EPSS
Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers
Description Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver Model (WDM) drivers. In a...
7.8AI Score
The Fundamentals of Cloud Security Stress Testing
״Defenders think in lists, attackers think in graphs," said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to...
7.4AI Score
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU.....
7.8CVSS
6.2AI Score
0.0004EPSS
NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays
NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...
8.3AI Score