In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle page.....
In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD...
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD...
6.2AI Score
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)
Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...
7AI Score
0.001EPSS
[SECURITY] [DSA 5693-1] thunderbird security update
Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle...
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle page.....
CVE-2024-35832 bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle page.....
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)
The remote host is missing an update for the Huawei...
0.001EPSS
(RHSA-2024:2784) Important: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the container...
7.3AI Score
0.0005EPSS
(RHSA-2024:2782) Important: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the RPM...
7.6AI Score
0.037EPSS
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.8AI Score
0.0004EPSS
(RHSA-2024:2781) Moderate: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the container...
7.2AI Score
0.037EPSS
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.5AI Score
0.0004EPSS
How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment
Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....
6.9AI Score
TotalCloud Container Security Best Practices
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...
7.1AI Score
(RHSA-2024:2892) Important: go-toolset-1.19-golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
6.7AI Score
0.0004EPSS
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...
6.6AI Score
(RHSA-2024:2891) Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
7.5AI Score
0.72EPSS
(RHSA-2024:2890) Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
6.7AI Score
0.037EPSS
(RHSA-2024:2889) Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): gnutls: potential crash during chain building/verification (CVE-2024-28835) gnutls: vulnerable to Minerva...
5.9AI Score
0.0004EPSS
(RHSA-2024:2888) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
7.2AI Score
(RHSA-2024:2887) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2886) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2885) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2884) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2883) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2882) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2881) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
[SECURITY] [DLA 3815-1] firefox-esr security update
Debian LTS Advisory DLA-3815-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 16, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.11.0esr-1~deb10u1 CVE...
6.6AI Score
[SECURITY] Fedora 40 Update: djvulibre-3.5.28-9.fc40
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 38 Update: djvulibre-3.5.28-6.fc38
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
7.5AI Score
7.1AI Score
(RHSA-2024:2776) Moderate: OpenShift Container Platform 4.15.13 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.13. See the following advisory for the container...
7AI Score
0.0004EPSS
(RHSA-2024:2773) Important: OpenShift Container Platform 4.15.13 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.13. See the following advisory for the RPM...
7.5AI Score
0.037EPSS
[SECURITY] [DSA 5691-1] firefox-esr security update
Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...
7.4AI Score
[SECURITY] [DSA 5690-1] libreoffice security update
Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...
6.6AI Score
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...
CVE-2024-3487 Broken Authentication vulnerability in iManager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass...
CVE-2024-3486 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
CVE-2024-3485 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
CVE-2024-3483 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...