In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....
AI Score: 7
Important: less security update
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...
AI Score: 6.9, EPSS: 0.0004
A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more
Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think,...
AI Score: 7.1
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1724)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.037
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.037
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1713)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.037
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)
The remote host is missing an update for the Huawei...
AI Score: 6.7, EPSS: 0.001
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1723)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.037
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1721)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.037
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1734)
The remote host is missing an update for the Huawei...
AI Score: 7, EPSS: 0.003
EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...
AI Score: 6.5
SUSE SLES12 Security Update : python36 (SUSE-SU-2024:1847-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1847-1 advisory. - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). -...
AI Score: 7.2
Veritas System Recovery Installed (Windows)
Veritas System Recovery, a backup and disaster recovery application is installed on the remote Windows...
AI Score: 7.4
EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1757)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...
AI Score: 6.6
EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1780)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...
AI Score: 7
Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an...
AI Score: 7.4
Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...
AI Score: 7.5
RHEL 8 : ruby:3.0 (RHSA-2024:3500)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
AI Score: 7.3
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
AI Score: 8.4
Important: less security update
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...
AI Score: 6.8, EPSS: 0.0004
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1728)
The remote host is missing an update for the Huawei...
AI Score: 6.7, EPSS: 0.001
Oracle Linux 9 : glibc (ELSA-2024-3339)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3339 advisory. [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi Tenable has extracted the preceding description block...
AI Score: 7.4
RHEL 9 : nghttp2 (RHSA-2024:3501)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3501 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...
AI Score: 7
Oracle Linux 8 : python3 (ELSA-2024-3347)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3347 advisory. [3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 ...
AI Score: 7
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call...
AI Score: 7
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
AI Score: 7
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1776)
The remote host is missing an update for the Huawei...
AI Score: 7.1, EPSS: 0.008
RHEL 8 : edk2 (RHSA-2024:3497)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3497 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...
AI Score: 7
SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2024:1835-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1835-1 advisory. - CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353). - CVE-2024-32659:...
AI Score: 7.3
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1735)
The remote host is missing an update for the Huawei...
AI Score: 7, EPSS: 0.003
Fedora 40 : mingw-python-requests (2024-efc4802051)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-efc4802051 advisory. Update to requests-2.32.0, fixes CVE-2024-35195. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
AI Score: 7
Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS. Packages: postgresql-14, postgresql-15, postgresql-16 (Object-relational SQL database). Details: Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in...
AI Score: 8, EPSS: 0.0004
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)
The remote host is missing an update for the Huawei...
AI Score: 6.8, EPSS: 0.003
Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-3343)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3343 advisory. [21.1.3-16] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Tenable has extracted the preceding description block directly from the...
AI Score: 7.3
EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...
AI Score: 6.5
virt:ol and virt-devel:rhel security update
hivex, libguestfs, libguestfs-winsupport, libiscsi, libnbd, libtpms, libvirt. [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...
AI Score: 7.7, EPSS: 0.001
Fedora 39 : mingw-python-requests (2024-7e4f058c2f)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7e4f058c2f advisory. Update to requests-2.32.0, fixes CVE-2024-35195. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
AI Score: 7.4
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : browserify-sign vulnerability (USN-6800-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6800-1 advisory. It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an...
AI Score: 7.2
Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
AI Score: 7.5
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
AI Score: 8.4
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....
AI Score: 8.2
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...
AI Score: 7.2
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...
AI Score: 7.6, EPSS: 0.962
Updated perl-Email-MIME packages fix security vulnerabilities
An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts....
AI Score: 7.3, EPSS: 0.0004
Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)....
AI Score: 6.5, EPSS: 0.0004