RHEL 6 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...
7.5CVSS
7.5AI Score
0.082EPSS
6.4AI Score
0.0004EPSS
RHEL 6 : rabbitmq-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rabbitmq: MQTT connection authentication succeeds with empty password (CVE-2016-9877) An issue was...
7.8CVSS
6.9AI Score
0.003EPSS
RHEL 6 : flash-plugin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: arbitrary code execution via unspecified vulnerability (CVE-2011-4694) Unspecified...
9.2AI Score
0.036EPSS
RHEL 8 : fwupdate (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Use-after-free in rmmod command (CVE-2020-25632) grub2: Out-of-bounds write in...
8.2CVSS
9.2AI Score
0.002EPSS
RHEL 6 : v8 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101 (CVE-2014-3188) V8: integer overflow leading...
8.8CVSS
9.3AI Score
0.035EPSS
RHEL 4 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: assertion failure in Range header processing (SQUID-2014:2) (CVE-2014-3609) squid: off-by-one...
7.8AI Score
0.958EPSS
RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ovirt-engine: connection does not validate certificate attributes. (CVE-2014-3706) Red Hat Enterprise...
6.5CVSS
7.3AI Score
0.001EPSS
Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). Details When decompressing certain data, the...
8.6CVSS
6.2AI Score
0.0004EPSS
Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). Details When decompressing certain data, the...
8.6CVSS
6.2AI Score
0.0004EPSS
[SECURITY] [DSA 5703-1] linux security update
Debian Security Advisory DSA-5703-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2022-48655 CVE-2023-52585...
7.8CVSS
6.9AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: rust-scx_rusty-0.5.4-2.fc39
A multi-domain, BPF / user space hybrid scheduler used within sched_ext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them....
7.2AI Score
[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...
7.2AI Score
4.9CVSS
6.7AI Score
0.013EPSS
Debian dsa-5703 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5703 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5703-1 [email protected] ...
7.8CVSS
8.4AI Score
0.0004EPSS
4.9CVSS
7AI Score
EPSS
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...
7CVSS
7.1AI Score
0.001EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...
7CVSS
7AI Score
0.0004EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.9AI Score
EPSS
K000139859: Envoy vulnerability CVE-2024-30255
Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....
5.3CVSS
6.7AI Score
0.0004EPSS
This error occurs when the storage device is formatted with a 4k logical block size and the Veeam Data Mover Service does not have sufficient permissions to determine the logical block...
7AI Score
In the jungle of AWS S3 Enumeration
Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable...
7.3AI Score
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...
9.8CVSS
9.2AI Score
0.975EPSS
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
6.3AI Score
0.0004EPSS
CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
6.2AI Score
0.0004EPSS
CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
6.7AI Score
0.0004EPSS
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8AI Score
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1720)
The remote host is missing an update for the Huawei...
7.5CVSS
7AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1753)
The remote host is missing an update for the Huawei...
8.3CVSS
7.1AI Score
0.025EPSS
7.5CVSS
6.7AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
7.1AI Score
0.0004EPSS
6.4CVSS
7.2AI Score
EPSS
8.4CVSS
6.7AI Score
0.0004EPSS
9CVSS
6.7AI Score
0.001EPSS
virt:ol and virt-devel:rhel security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...
6.2CVSS
7.7AI Score
0.001EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
8.3CVSS
8.4AI Score
0.025EPSS
7.8CVSS
7.1AI Score
0.001EPSS
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...
8.6CVSS
8.6AI Score
0.0004EPSS
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...
8.6CVSS
6.7AI Score
0.0004EPSS
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...
8.6CVSS
6.3AI Score
0.0004EPSS
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...
8.6CVSS
8.6AI Score
0.0004EPSS
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...
8.6CVSS
8.5AI Score
0.0004EPSS
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...
7.4AI Score
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection. Support for handling PHP objects as values in this module has been deprecated, and the...
6.3AI Score
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection. Support for handling PHP objects as values in this module has been deprecated, and the...
6.3AI Score
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
6.8AI Score
0.0004EPSS
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
6.6AI Score
0.0004EPSS