7.8CVSS
6.6AI Score
0.001EPSS
KLA68438 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...
8.4AI Score
0.0004EPSS
RHEL 8 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack...
5.9CVSS
7AI Score
0.002EPSS
RHEL 5 : dbus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dbus: incorrect use of [send|receive]_requested_reply policy rule attribute in system.conf...
7.7AI Score
0.001EPSS
RHEL 7 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
9.8CVSS
7.6AI Score
0.019EPSS
RHEL 7 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery (CVE-2017-7526) ...
5.9CVSS
7.5AI Score
0.004EPSS
RHEL 6 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery (CVE-2017-7526) ...
5.9CVSS
7.5AI Score
0.004EPSS
RHEL 8 : quay_quay-rhel8 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-reportlab: Server-side request forgery via img tags (CVE-2020-28463) Note that Nessus has not tested for this...
6.5CVSS
6.7AI Score
0.002EPSS
RHEL 8 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ejs: server-side template injection in outputFunctionName (CVE-2022-29078) loader-utils: prototype...
9.8CVSS
8.6AI Score
0.287EPSS
RHEL 6 : pacemaker (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local ...
7.8CVSS
7.1AI Score
0.014EPSS
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
7.6CVSS
7.5AI Score
EPSS
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) Apache OpenOffice versions...
7.8CVSS
8.8AI Score
0.001EPSS
RHEL 7 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: scp allows command injection when using backtick characters in the destination argument ...
7.8CVSS
7.5AI Score
0.005EPSS
RHEL 8 : fop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) Server-Side Request Forgery (SSRF)...
7.1CVSS
7.2AI Score
0.001EPSS
RHEL 8 : ovmf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: 0-byte record padding oracle (CVE-2019-1559) openssl: timing attack in RSA Decryption...
7.5CVSS
7.8AI Score
0.01EPSS
RHEL 6 : v8 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101 (CVE-2014-3188) V8: integer overflow leading...
8.8CVSS
9.3AI Score
0.035EPSS
RHEL 5 : libgcrypt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libgcrypt: PRNG output is predictable (CVE-2016-6313) libgcrypt: Use of left-to-right sliding window...
5.9CVSS
7AI Score
0.007EPSS
RHEL 6 : mingw-virt-viewer (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm (CVE-2017-5848) The...
7.5CVSS
9.6AI Score
0.033EPSS
RHEL 6 : perl-dbd-mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...
9.8CVSS
7.5AI Score
0.019EPSS
RHEL 8 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: SAE side channel attacks as a result of cache access patterns (CVE-2022-23303) The...
9.8CVSS
8.8AI Score
0.003EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
RHEL 7 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkitgtk: heap-based buffer overflow (WSA-2015-0001) (CVE-2014-1303) webkitgtk: Processing web content...
9.8CVSS
10AI Score
0.961EPSS
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....
6.5CVSS
5.9AI Score
0.0004EPSS
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....
6.5CVSS
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....
7.2AI Score
0.0004EPSS
Updated gifsicle packages fix security vulnerability
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c....
7.8CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: rust-python-launcher-1.0.0-12.fc39
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
7.2AI Score
7.4AI Score
...
8.6CVSS
6.3AI Score
0.945EPSS
7.4AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.8AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.5AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.6AI Score
0.0004EPSS
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.4CVSS
6.5AI Score
0.0004EPSS
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...
6.8AI Score
EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
8.2CVSS
6.8AI Score
0.959EPSS
Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)
The version of Progress WhatsUp Gold installed on the remote host is prior to 23.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 000255428 advisory. In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's ...
5.4CVSS
7.1AI Score
0.0005EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Multiple denial of service attacks affecting Node.js have been published in this security bulletin. This bulletin identifies the steps...
7.3CVSS
7.7AI Score
EPSS
5.3CVSS
6.6AI Score
0.01EPSS
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...
5.5CVSS
6.5AI Score
0.0004EPSS