Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2023-50312

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-12 12:54 PM
1
thn
thn

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...

7AI Score

2024-06-12 08:47 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-27348

Remote Code Execution vulnerability in Apache HugeGraph...

8.6AI Score

0.001EPSS

2024-06-12 08:14 AM
46
thn
thn

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already....

9.8CVSS

7.7AI Score

0.321EPSS

2024-06-12 08:06 AM
1
osv
osv

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
osv
osv

BIT-php-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-12 07:30 AM
3
thn
thn

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

9.8CVSS

8.7AI Score

0.05EPSS

2024-06-12 04:26 AM
15
redhatcve
redhatcve

CVE-2024-36972

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket...

6.6AI Score

0.0004EPSS

2024-06-12 12:47 AM
1
redhatcve
redhatcve

CVE-2024-35235

A flaw was found in the cupsd server. When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Since cupsd is often running as root, this...

4.4CVSS

6.7AI Score

0.0004EPSS

2024-06-12 12:40 AM
redhatcve
redhatcve

CVE-2023-52757

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid-;>refcount, __release_mid) under @server->mid_lock spinlock. If they...

6.9AI Score

0.0004EPSS

2024-06-12 12:28 AM
1
redhatcve
redhatcve

CVE-2023-52751

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2_query_info_compound() The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options...

6.9AI Score

0.0004EPSS

2024-06-12 12:27 AM
redhatcve
redhatcve

CVE-2023-52745

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a....

6.7AI Score

0.0004EPSS

2024-06-12 12:27 AM
redhatcve
redhatcve

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM...

6.7AI Score

0.0004EPSS

2024-06-12 12:27 AM
redhatcve
redhatcve

CVE-2023-52741

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata->read_into_pages() When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpages_fill_pages+0x14c/0x7e0 Call Trace: ...

6.9AI Score

0.0004EPSS

2024-06-12 12:27 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1975-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1985-1)

The remote host is missing an update for...

4.9CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
1
nessus
nessus

Oracle Linux 9 : podman (ELSA-2024-3826)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3826 advisory. [4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation.....

4.9CVSS

5.9AI Score

0.0005EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : libreoffice (RHSA-2024:3835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.3AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : gdk-pixbuf2 (RHSA-2024:3834)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3834 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : buildah (RHSA-2024:3827)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3827 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

4.9CVSS

6AI Score

0.0005EPSS

2024-06-12 12:00 AM
1
nessus
nessus

Oracle Linux 9 : c-ares (ELSA-2024-3842)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3842 advisory. [1.19.1-2] - Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9] Tenable has extracted the preceding description block directly from the...

4.4CVSS

7.1AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

Amazon Linux 2 : openssl11 (ALAS-2024-2564)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2564 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions ...

6.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

Debian dsa-5709 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5709 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5709-1 [email protected] ...

7.1AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : 389-ds-base (RHSA-2024:3837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3837 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

Oracle Linux 9 : buildah (ELSA-2024-3827)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3827 advisory. [1.33.7-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-2] - update to the latest content of...

4.9CVSS

7.4AI Score

0.0005EPSS

2024-06-12 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1987-1)

The remote host is missing an update for...

8.3CVSS

7.5AI Score

0.0005EPSS

2024-06-12 12:00 AM
1
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
2
nessus
nessus

RHEL 9 : rpm-ostree (RHSA-2024:3823)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3823 advisory. The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be...

6.2CVSS

6.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

6.7AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 8 : kernel (RHSA-2024:3810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...

7.8CVSS

7.6AI Score

EPSS

2024-06-12 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1973-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1973-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...

9.8CVSS

6.9AI Score

0.001EPSS

2024-06-12 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1986-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1973-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2024:1987-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1987-1 advisory. - Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to...

8.3CVSS

7AI Score

0.0005EPSS

2024-06-12 12:00 AM
nessus
nessus

Oracle Linux 9 : libreoffice (ELSA-2024-3835)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols - Resolves: rhbz#2210193 CVE-2023-0950 Array Index...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1991-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1991-1 advisory. unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list...

7.5CVSS

7.7AI Score

0.05EPSS

2024-06-12 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1986-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1986-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...

9.8CVSS

6.9AI Score

0.001EPSS

2024-06-12 12:00 AM
1
oraclelinux
oraclelinux

libreoffice security update

[7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...

8.8CVSS

7AI Score

0.001EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : containernetworking-plugins (RHSA-2024:3831)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3831 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug- ins for configuring network interfaces...

5.6AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : cockpit (RHSA-2024:3843)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3843 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-12 12:00 AM
openvas
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039214)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
7
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:1985-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1985-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - CVE-2023-22084: Fixed a vulnerability...

4.9CVSS

5.5AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2024:1984-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1984-1 advisory. - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Tenable has extracted the...

9.8CVSS

7AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

Oracle Linux 9 : gdk-pixbuf2 (ELSA-2024-3834)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3834 advisory. - Backport fixes for CVE-2022-48622 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has.....

7.8CVSS

7.4AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:3814)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3814 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

8AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : ruby (RHSA-2024:3838)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8CVSS

8.1AI Score

EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 : fence-agents (RHSA-2024:3811)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3811 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 12:00 AM
2
nessus
nessus

RHEL 9 : gvisor-tap-vsock (RHSA-2024:3830)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3830 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for...

5.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

Oracle Linux 9 : 389-ds-base (ELSA-2024-3837)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3837 advisory. [2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : python-idna (RHSA-2024:3846)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3846 advisory. The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): *...

7.5AI Score

EPSS

2024-06-12 12:00 AM
Total number of security vulnerabilities434319