When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
CVSS: 5.3 | AI Score: 5.9 | EPSS: 0.0004
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
CVSS: 5.3 | AI Score: 6 | EPSS: 0.0004
Wagtail is vulnerable to Improper Permission Check. The vulnerability is due to an improperly applied permission check in the wagtail.contrib.settings module, allowing users with admin access to modify settings models without proper...
CVSS: 5.5 | AI Score: 6.2 | EPSS: 0.0004
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2024:1896-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1896-1 advisory. - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417). Tenable has...
AI Score: 6.6
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) ...
AI Score: 4.7 | EPSS: 0.0004
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1907-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1907-1 advisory. - CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586) -...
CVSS: 6.5 | AI Score: 10 | EPSS: 0.003
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1909-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1909-1 advisory. - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in...
CVSS: 6.5 | AI Score: 7.9 | EPSS: 0.003
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1908-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1908-1 advisory. - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Tenable has extracted the...
AI Score: 6.8 | EPSS: 0.0004
SUSE SLES15 / openSUSE 15 Security Update : 389-ds (SUSE-SU-2024:1906-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1906-1 advisory. - Update to version 2.2.8~git65.347aae6: - CVE-2024-1062: Resolved possible denial of service when audit logging is enabled....
CVSS: 5.5 | AI Score: 7 | EPSS: 0.0004
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
Updated microcode packages fix security vulnerabilities
The updated package fixes security vulnerabilities: Hardware logic containing race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...
CVSS: 7.9 | AI Score: 6.3 | EPSS: 0.0004
PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...
AI Score: 7.6
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
AI Score: 6.3 | EPSS: 0.0004
Summary Vulnerabilities contained within OpenSSL (a 3rd party component) were addressed in the IBM MaaS360 VPN Module. Vulnerabilities contained within Netty, Spring Framework and Eclipse Jetty (3rd party components) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module. ...
CVSS: 8.1 | AI Score: 7.3 | EPSS: 0.002
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...
AI Score: 6.2 | EPSS: 0.0004
(RHSA-2024:3553) Important: nodejs : security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...
AI Score: 6.4 | EPSS: 0.0004
Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.
Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details CVEID: CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the $resource service. By providing...
CVSS: 6.1 | AI Score: 6.8 | EPSS: 0.005
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID: CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
CVSS: 6.5 | AI Score: 6 | EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs. That init does not include KFD,...
AI Score: 6.4 | EPSS: 0.0004
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001
typo3/cms-core is vulnerable to SQL injection. The vulnerability is due to improper dissociation of system-related configuration from user-generated configuration, allowing instructions to be persisted to a form definition file that were not configured to be modified. This allows attackers to...
AI Score: 8.1
(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...
AI Score: 5.7
(RHSA-2024:3544) Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...
AI Score: 6.7 | EPSS: 0.0004
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
AI Score: 7.1
RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
CVSS: 9.8 | AI Score: 7.5 | EPSS: 0.019
RHEL 5 : flash-plugin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: multiple code execution issues fixed in APSB17-07 (CVE-2017-3003) Unspecified...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.954
RHEL 7 : pulseaudio (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...
AI Score: 6.6 | EPSS: 0.021
RHEL 7 : freeradius (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer ...
CVSS: 8.1 | AI Score: 7.2 | EPSS: 0.004
RHEL 8 : perl-dbi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-dbi: Buffer overflow on an overlong DBD class name (CVE-2020-14393) An issue was discovered in the...
CVSS: 7.1 | AI Score: 8.1 | EPSS: 0.001
RHEL 9 : nodejs:18 (RHSA-2024:3544)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3544 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...
CVSS: 5.3 | AI Score: 7.6 | EPSS: 0.0004
RHEL 5 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...
CVSS: 9.8 | AI Score: 8.5 | EPSS: 0.311
RHEL 7 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) mod_lua.c in the...
CVSS: 9.8 | AI Score: 7.6 | EPSS: 0.071
A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the secure_compare() function of the...
AI Score: 6.3 | EPSS: 0.0004
RHEL 6 : python33-python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...
CVSS: 5.9 | AI Score: 7.3 | EPSS: 0.003
RHEL 6 : perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: heap buffer overflow in pp_pack.c (CVE-2018-6913) Perl 5.10.x allows context-dependent attackers...
CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.57
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
CVSS: 8 | AI Score: 8.3
RHEL 5 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.009
K000139876: Linux kernel vulnerability CVE-2021-46955
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...
AI Score: 5.9 | EPSS: 0.0004
RHEL 8 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: SVN authz protected copyfrom paths regression (CVE-2021-28544) Subversion's mod_dav_svn...
CVSS: 7.5 | AI Score: 6.7 | EPSS: 0.059
RHEL 6 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c ...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.018
RHEL 5 : python33-python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...
CVSS: 5.9 | AI Score: 5.8 | EPSS: 0.003
RHEL 6 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...
CVSS: 7.8 | AI Score: 6.7 | EPSS: 0.009
RHEL 7 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py (CVE-2018-19787) Incomplete blacklist...
CVSS: 6.1 | AI Score: 6.6 | EPSS: 0.013
RHEL 4 : audiofile (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. audiofile: heap-based overflow in Microsoft ADPCM compression module (app crash, arb. code execution) ...
AI Score: 6.9 | EPSS: 0.006
RHEL 6 : pulseaudio (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...
AI Score: 6.6 | EPSS: 0.021
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
CVSS: 8 | AI Score: 8.3