IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...
7.5CVSS
7AI Score
0.0004EPSS
Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory...
9.8CVSS
10AI Score
EPSS
Debian dsa-5723 : libcolorcorrect5 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5723-1 [email protected] ...
6.9AI Score
EPSS
7.5CVSS
7.1AI Score
0.008EPSS
Ubuntu 22.04 LTS : OpenSSL vulnerability (USN-6854-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6854-1 advisory. It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement...
7.5CVSS
7AI Score
0.008EPSS
Fedora: Security Advisory for moodle (FEDORA-2024-9df8ef935b)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
OpenSSL Buffer Overread Vulnerability (20240627) - Windows
OpenSSL is prone to a buffer overread...
6.6AI Score
0.0004EPSS
7.3AI Score
A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the 2FA component.....
9.8CVSS
7.5AI Score
0.001EPSS
SSL_select_next_proto buffer overread Notes Author| Note ---|--- | Priority reason: OpenSSL developers have rated this issue has being low severity mdeslaur | This affects all 3.x versions, 1.1.1, and...
7AI Score
0.0004EPSS
7.3AI Score
Fedora 40 : openvpn (2024-b611e122fb)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b611e122fb advisory. Update to upstream OpenVPN 2.6.11 CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them ...
7AI Score
EPSS
GitLab 16.1 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4011)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows...
4.3CVSS
4.1AI Score
0.0004EPSS
GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4901)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS ...
8.7CVSS
8.2AI Score
0.0004EPSS
Debian dla-3841 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3841-1 [email protected] ...
7.8CVSS
8.2AI Score
EPSS
Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)
The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, is affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.8CVSS
9.9AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95943)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95943 advisory. Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform...
8.1CVSS
8AI Score
0.0004EPSS
Microsoft Edge (Chromium) < 126.0.2592.81 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.81. It is, therefore, affected by multiple vulnerabilities as referenced in the June 27, 2024 advisory. Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to...
6.8AI Score
EPSS
Fedora: Security Advisory for freeipa (FEDORA-2024-2a466c6514)
The remote host is missing an update for...
8.1CVSS
7.1AI Score
0.0005EPSS
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95974)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95974 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...
6.5AI Score
0.0004EPSS
7.1AI Score
EPSS
IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.4 CD (7158057)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158057 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...
7.5CVSS
7.5AI Score
0.0004EPSS
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5499. Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5494. Security: backported fix for CVE-2024-5495. Security: backported fix for CVE-2024-5496....
8.8CVSS
7.4AI Score
0.001EPSS
IBM MQ 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157976)
The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7157976 advisory. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service,...
7.5CVSS
7.8AI Score
0.0004EPSS
7.1AI Score
EPSS
OpenSSL 3.3.0 < 3.3.2 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.3.2. It is, therefore, affected by a vulnerability as referenced in the 3.3.2 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
7.3AI Score
0.0004EPSS
Important: pki-core security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) For more details about the security issue(s), including the impact, a CVSS score,...
7.5CVSS
7.5AI Score
0.0004EPSS
Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on...
8.1CVSS
8.1AI Score
0.0004EPSS
A vulnerability in the VPN protocol library using the "IPsec" libreswan is related to a statement of reachability when processing IKEv1 packets without specifying the esp string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
6.7AI Score
0.0004EPSS
A vulnerability in the QEMU hardware emulator is related to a memory re-release error. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by performing a DMA...
8.2CVSS
7.4AI Score
0.0004EPSS
Debian dla-3840 : hyperv-daemons - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3840 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3840-1 [email protected] ...
7.8CVSS
8.5AI Score
EPSS
GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...
5.5CVSS
5.4AI Score
0.0004EPSS
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of...
0.0004EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5CVSS
6.7AI Score
0.001EPSS
9.8CVSS
7.1AI Score
0.007EPSS
[11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass...
7.5CVSS
7.6AI Score
0.0004EPSS
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint...
0.0004EPSS
Fedora 40 : moodle (2024-020937763e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-020937763e advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
7.7AI Score
0.0004EPSS
OpenSSL 1.0.2 < 1.0.2zk Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...
6.6AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0305
Updates of ['linux', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Spring Tips: Go Further, Faster with Spring Boot 3.3 (UPDATED)
NB: I had an error in the AppCDS demo in the older video. This video supercedes that video, with a re-recorded segment on AppCDS. Make sure you're watching the latest of these two similarly titled videos! Hi, Spring fans! In this installment we look at ways to make your applications go further,...
7.1AI Score
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....
5.9CVSS
6.9AI Score
0.0004EPSS
GeoServer JAI-EXT extension command injection
Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
8AI Score
6.5CVSS
7.2AI Score
0.0004EPSS
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle...
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...
7.5CVSS
7AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Wget vulnerability (USN-6852-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6852-2 advisory. USN-6852-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original...
7AI Score
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons ...
6.6AI Score
0.0004EPSS
OpenSSL 3.2.0 < 3.2.3 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.2.3. It is, therefore, affected by a vulnerability as referenced in the 3.2.3 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
6.6AI Score
0.0004EPSS