AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
5.9CVSS
5.8AI Score
0.001EPSS
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP...
4.3CVSS
7.2AI Score
0.0004EPSS
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP...
4.3CVSS
4.6AI Score
0.0004EPSS
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP...
4.3CVSS
4.6AI Score
0.0004EPSS
7.5CVSS
6.5AI Score
0.013EPSS
[SECURITY] Fedora 39 Update: kitty-0.31.0-2.fc39
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-c olor, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
5.5CVSS
6.7AI Score
0.0004EPSS
RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
9.8CVSS
7.5AI Score
0.019EPSS
RHEL 7 : dbus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: denial of service in file descriptor passing feature (CVE-2014-3532) dbus: denial of service when...
7.1AI Score
0.001EPSS
7.8CVSS
6.6AI Score
0.001EPSS
RHEL 6 : dbus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: denial of service in file descriptor passing feature (CVE-2014-3532) dbus: denial of service when...
7AI Score
0.001EPSS
RHEL 8 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) nss: Information exposure...
6.5CVSS
7.2AI Score
0.102EPSS
KLA68438 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...
8.4AI Score
0.0004EPSS
RHEL 7 : python-tornado (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) (CVE-2014-9720) Note that Nessus has not...
6.5CVSS
7.3AI Score
0.005EPSS
RHEL 7 : xmlrpc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) xmlrpc: Deserialization...
9.8CVSS
7.2AI Score
0.014EPSS
RHEL 8 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack...
5.9CVSS
7AI Score
0.002EPSS
RHEL 8 : quay_quay-rhel8 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-reportlab: Server-side request forgery via img tags (CVE-2020-28463) Note that Nessus has not tested for this...
6.5CVSS
6.7AI Score
0.002EPSS
RHEL 8 : ovmf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: 0-byte record padding oracle (CVE-2019-1559) openssl: timing attack in RSA Decryption...
7.5CVSS
7.8AI Score
0.01EPSS
RHEL 8 : fop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) Server-Side Request Forgery (SSRF)...
7.1CVSS
7.2AI Score
0.001EPSS
RHEL 7 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
9.8CVSS
7.6AI Score
0.019EPSS
RHEL 6 : pacemaker (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local ...
7.8CVSS
7.1AI Score
0.014EPSS
RHEL 8 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ejs: server-side template injection in outputFunctionName (CVE-2022-29078) loader-utils: prototype...
9.8CVSS
8.6AI Score
0.287EPSS
RHEL 5 : dbus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: incorrect use of [send|receive]_requested_reply policy rule attribute in system.conf...
7.7AI Score
0.001EPSS
RHEL 7 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: scp allows command injection when using backtick characters in the destination argument ...
7.8CVSS
7.5AI Score
0.005EPSS
RHEL 6 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery (CVE-2017-7526) ...
5.9CVSS
7.5AI Score
0.004EPSS
RHEL 7 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery (CVE-2017-7526) ...
5.9CVSS
7.5AI Score
0.004EPSS
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) Apache OpenOffice versions...
7.8CVSS
8.8AI Score
0.001EPSS
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
7.6CVSS
7.5AI Score
EPSS
RHEL 7 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkitgtk: heap-based buffer overflow (WSA-2015-0001) (CVE-2014-1303) webkitgtk: Processing web content...
9.8CVSS
10AI Score
0.961EPSS
RHEL 8 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: SAE side channel attacks as a result of cache access patterns (CVE-2022-23303) The...
9.8CVSS
8.8AI Score
0.003EPSS
RHEL 5 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: PRNG output is predictable (CVE-2016-6313) libgcrypt: Use of left-to-right sliding window...
5.9CVSS
7AI Score
0.007EPSS
RHEL 6 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
9.8CVSS
7.5AI Score
0.019EPSS
RHEL 6 : v8 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101 (CVE-2014-3188) V8: integer overflow leading...
8.8CVSS
9.3AI Score
0.035EPSS
RHEL 6 : mingw-virt-viewer (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm (CVE-2017-5848) The...
7.5CVSS
9.6AI Score
0.033EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....
6.5CVSS
5.9AI Score
0.0004EPSS
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....
6.5CVSS
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....
7.2AI Score
0.0004EPSS
Updated gifsicle packages fix security vulnerability
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c....
7.8CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: rust-python-launcher-1.0.0-12.fc39
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
7.2AI Score
7.4AI Score
...
8.6CVSS
6.3AI Score
0.945EPSS
7.4AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.8AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.5AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.6AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.5AI Score
0.0004EPSS
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...
6.8AI Score
EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS