Lucene search

K

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

osv
osv

BIT-nginx-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.9AI Score

0.0004EPSS

2024-06-04 09:49 AM
1
osv
osv

BIT-nginx-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6AI Score

0.0004EPSS

2024-06-04 09:49 AM
2
veracode
veracode

Improper Permission Check

Wagtail is vulnerable to Improper Permission Check. The vulnerability is due to an improperly applied permission check in the wagtail.contrib.settings module, allowing users with admin access to modify settings models without proper...

5.5CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:24 AM
nessus
nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
2
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2024:1896-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1896-1 advisory. - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417). Tenable has...

6.6AI Score

EPSS

2024-06-04 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) -....

4.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0207)

The remote host is missing an update for...

7.9CVSS

6.5AI Score

0.0004EPSS

2024-06-04 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1907-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1907-1 advisory. - CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586) -...

6.5CVSS

10AI Score

0.003EPSS

2024-06-04 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1909-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1909-1 advisory. - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in...

6.5CVSS

7.9AI Score

0.003EPSS

2024-06-04 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1908-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1908-1 advisory. - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Tenable has extracted the...

6.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : 389-ds (SUSE-SU-2024:1906-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1906-1 advisory. - Update to version 2.2.8~git65.347aae6: - CVE-2024-1062: Resolved possible denial of service when audit logging is enabled....

5.5CVSS

7AI Score

0.0004EPSS

2024-06-04 12:00 AM
nessus
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
mageia
mageia

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...

7.9CVSS

6.3AI Score

0.0004EPSS

2024-06-03 09:30 PM
5
qualysblog
qualysblog

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

7.6AI Score

2024-06-03 05:41 PM
1
redhatcve
redhatcve

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

6.3AI Score

0.0004EPSS

2024-06-03 05:33 PM
4
ibm
ibm

Security Bulletin: IBM MaaS360 Cloud Extender Mobile Enterprise Gateway (MEG) and VPN Module affected by multiple vulnerabilities (CVE-2024-29025, CVE-2024-22262, CVE-2023-6129, CVE-2024-0727, CVE-2024-22201, CVE-2023-6237)

Summary Vulnerabilities contained within OpenSSL (a 3rd party component) were addressed in the IBM MaaS360 VPN Module. Vulnerabilities contained within Netty, Spring Framework and Eclipse Jetty (3rd party components) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module. ...

8.1CVSS

7.3AI Score

0.002EPSS

2024-06-03 03:55 PM
2
ibm
ibm

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2024-33883]

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...

6.2AI Score

0.0004EPSS

2024-06-03 03:26 PM
4
redhat
redhat

(RHSA-2024:3553) Important: nodejs : security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...

6.4AI Score

0.0004EPSS

2024-06-03 02:12 PM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.

Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details ** CVEID: CVE-2023-26117 DESCRIPTION: **AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the $resource service. By providing...

6.1CVSS

6.8AI Score

0.005EPSS

2024-06-03 01:24 PM
2
ibm
ibm

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

6.5CVSS

6AI Score

0.0004EPSS

2024-06-03 11:31 AM
3
redhatcve
redhatcve

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

6.4AI Score

0.0004EPSS

2024-06-03 09:01 AM
1
rosalinux
rosalinux

Advisory ROSA-SA-2024-2430

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux.....

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-03 09:00 AM
3
veracode
veracode

SQL Injection

typo3/cms-core is vulnerable to SQL injection. The vulnerability is due to improper dissociation of system-related configuration from user-generated configuration, allowing instructions to be persisted to a form definition file that were not configured to be modified. This allows attackers to...

8.1AI Score

2024-06-03 07:14 AM
redhat
redhat

(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

5.7AI Score

EPSS

2024-06-03 06:57 AM
5
redhat
redhat

(RHSA-2024:3544) Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...

6.7AI Score

0.0004EPSS

2024-06-03 06:38 AM
thn
thn

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

7.1AI Score

2024-06-03 03:51 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

7.5CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
3
nessus
nessus

RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...

9.8CVSS

7.5AI Score

0.019EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : flash-plugin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: multiple code execution issues fixed in APSB17-07 (CVE-2017-3003) Unspecified...

8.8CVSS

8.9AI Score

0.954EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : pulseaudio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...

6.6AI Score

0.021EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : freeradius (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer ...

8.1CVSS

7.2AI Score

0.004EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 8 : perl-dbi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-dbi: Buffer overflow on an overlong DBD class name (CVE-2020-14393) An issue was discovered in the...

7.1CVSS

8.1AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 9 : nodejs:18 (RHSA-2024:3544)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3544 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...

9.8CVSS

8.5AI Score

0.311EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) mod_lua.c in the...

9.8CVSS

7.6AI Score

0.071EPSS

2024-06-03 12:00 AM
redos
redos

ROS-20240603-02

A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the secure_compare() function of the....

6.3AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 6 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...

5.9CVSS

7.3AI Score

0.003EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: heap buffer overflow in pp_pack.c (CVE-2018-6913) Perl 5.10.x allows context-dependent attackers...

7.8CVSS

8.1AI Score

0.57EPSS

2024-06-03 12:00 AM
1
packetstorm

7.4AI Score

2024-06-03 12:00 AM
68
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 5 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...

7.8CVSS

7.7AI Score

0.009EPSS

2024-06-03 12:00 AM
1
f5
f5

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

5.9AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 8 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: SVN authz protected copyfrom paths regression (CVE-2021-28544) Subversion's mod_dav_svn...

7.5CVSS

6.7AI Score

0.059EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c ...

7.8CVSS

7.7AI Score

0.018EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...

5.9CVSS

5.8AI Score

0.003EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...

7.8CVSS

6.7AI Score

0.009EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py (CVE-2018-19787) Incomplete blacklist...

6.1CVSS

6.6AI Score

0.013EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 4 : audiofile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. audiofile: heap-based overflow in Microsoft ADPCM compression module (app crash, arb. code execution) ...

6.9AI Score

0.006EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : pulseaudio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...

6.6AI Score

0.021EPSS

2024-06-03 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
Total number of security vulnerabilities116391