Lucene search

K

HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers Security Vulnerabilities

thn
thn

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

7.2AI Score

2024-06-06 07:15 AM
3
packetstorm

7.4AI Score

2024-06-06 12:00 AM
79
osv
osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
trendmicroblog
trendmicroblog

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando...

7.4AI Score

2024-06-06 12:00 AM
6
almalinux
almalinux

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nessus
nessus

RHEL 8 : cockpit (RHSA-2024:3667)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
osv
osv

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.001EPSS

2024-06-05 04:56 PM
4
github
github

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.001EPSS

2024-06-05 04:56 PM
10
osv
osv

wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl

wolfictl leaks GitHub tokens to remote non-GitHub git servers in...

4.4CVSS

6.4AI Score

0.0004EPSS

2024-06-04 03:19 PM
3
thn
thn

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8.....

9.9CVSS

8.5AI Score

0.938EPSS

2024-06-04 02:43 PM
5
thn
thn

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

7.5CVSS

8AI Score

0.955EPSS

2024-06-04 03:25 AM
3
thn
thn

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...

7.3AI Score

2024-06-03 01:45 PM
4
securelist
securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

7.8CVSS

6AI Score

0.003EPSS

2024-06-03 10:00 AM
8
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
6
redhatcve
redhatcve

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...

6.5AI Score

0.0004EPSS

2024-06-03 08:31 AM
1
nessus
nessus

RHEL 6 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the ...

7.6AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxfixes (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXfixes: Insufficient validation of server responses results in Integer overflow (CVE-2016-7944) ...

9.8CVSS

10AI Score

0.013EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Multiple Array Index error leading to heap-based OOB write (CVE-2013-1998) libXi: Insufficient...

7.5CVSS

8.9AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

9.8CVSS

10AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxv (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXv: Insufficient validation of server responses results in out-of bounds accesses (CVE-2016-5407) ...

9.8CVSS

10AI Score

0.011EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 5 : libxxf86dga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXxf86dga: Array Index error leading to heap-based OOB write (CVE-2013-2000) Multiple integer...

7.5AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: Command injection through clients via malicious svn+ssh URLs (CVE-2017-9800) Svnserve in...

9.8CVSS

8.9AI Score

0.129EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS

7.8AI Score

0.024EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 7 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Insufficient validation of server responses in FontNames (CVE-2016-7943) The XGetImage function...

6.7CVSS

10AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...

9.8CVSS

9.8AI Score

0.01EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : bzr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bzr: does not strip bzr+ssh SSH options (CVE-2017-14176) Algorithmic complexity vulnerability in the...

8.8CVSS

8.1AI Score

0.053EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tigervnc: NULL pointer dereference flaw in XRegion (CVE-2014-8241) Integer overflow in TigerVNC allows...

9.8CVSS

8.3AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap: incorrect multi-keyword mode cipherstring parsing (CVE-2015-3276) ...

7.5CVSS

7.1AI Score

0.915EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : bind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) ISC...

7.5CVSS

7.1AI Score

0.934EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...

9.8CVSS

9.7AI Score

0.01EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. curl: FTP wildcard out of bounds read (CVE-2017-8817) CRLF injection vulnerability in libcurl 6.0...

8.8CVSS

7.5AI Score

0.017EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : bind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. DNS response rate limiting can simplify cache poisoning attacks (CVE-2013-5661) ISC BIND through...

7.5CVSS

7.5AI Score

0.01EPSS

2024-06-03 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...

7.5CVSS

8AI Score

0.05EPSS

2024-06-03 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1783)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...

7.5CVSS

8.1AI Score

0.05EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : odo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) ...

7.5CVSS

8.3AI Score

0.005EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ruby: Fiddle::Function.new heap buffer overflow (CVE-2016-2339) DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2,...

8.1CVSS

7.7AI Score

0.08EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : wget (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) wget: Lack of filename checking allows...

8.8CVSS

7.8AI Score

0.955EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...

7.5CVSS

7.4AI Score

0.256EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 5 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

9.8CVSS

8.1AI Score

0.106EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) Integer...

9.8CVSS

10AI Score

0.01EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) Multiple integer overflows...

9.8CVSS

8.6AI Score

0.066EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxvmc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXvMC: Insufficient validation of server responses results in buffer underflow (CVE-2016-7953) ...

9.8CVSS

10AI Score

0.019EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : pidgin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML (CVE-2017-2640) ...

5.5CVSS

5.8AI Score

0.021EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : flex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. flex: Recursive calls in the function mark_beginning_as_normal resulting in a denial of service (CVE-2019-6293) ...

5.5CVSS

7.4AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

9.8CVSS

10AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

9.8CVSS

7.9AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php-pear: Unsafe deserialization of data in Archive_Tar class (CVE-2018-1000888) PECL in the download...

7.5CVSS

7.7AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : pidgin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities (CVE-2016-2368) pidgin: Eavesdropping...

8.8CVSS

7.4AI Score

0.021EPSS

2024-06-03 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1797)

The remote host is missing an update for the Huawei...

7.8CVSS

7AI Score

0.024EPSS

2024-06-03 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS

7.7AI Score

0.024EPSS

2024-06-03 12:00 AM
1
Total number of security vulnerabilities71555