RHEL 6 : curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. curl: NTLM password overflow via integer overflow (CVE-2018-14618) The default configuration for cURL...
7.8CVSS
7.9AI Score
0.07EPSS
RHEL 7 : libvncserver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvncserver: Multiple heap out-of-bound writes in VNC client code (Incomplete fix for CVE-2018-20019) ...
9.8CVSS
9.8AI Score
0.143EPSS
RHEL 5 : libxrandr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...
9.8CVSS
8.3AI Score
0.014EPSS
RHEL 6 : mingw32-gnutls (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: incorrect handling of V1 intermediate certificates (CVE-2009-5138) gnutls: incorrect error...
7.6AI Score
0.075EPSS
RHEL 6 : vnc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tigervnc: NULL pointer dereference flaw in XRegion (CVE-2014-8241) Integer overflow in TigerVNC allows...
9.8CVSS
10AI Score
0.015EPSS
RHEL 5 : fetchmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the ...
7AI Score
0.014EPSS
RHEL 7 : flex (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flex: buffer overflow in generated code (yy_get_next_buffer) (CVE-2016-6354) An issue was discovered in...
9.8CVSS
8.5AI Score
0.007EPSS
RHEL 5 : gtk-vnc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc 0.4.2 and older...
9.8CVSS
9.6AI Score
0.005EPSS
RHEL 7 : gtk-vnc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc before 0.7.0 does...
9.8CVSS
9.5AI Score
0.005EPSS
RHEL 6 : libxrandr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...
9.8CVSS
7.7AI Score
0.014EPSS
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2024-2511)
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...
7.8AI Score
0.0004EPSS
RHEL 7 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: scp allows command injection when using backtick characters in the destination argument ...
7.8CVSS
7.5AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)
The remote host is missing an update for the Huawei...
7.8CVSS
7AI Score
0.024EPSS
RHEL 6 : libvncserver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c...
9.8CVSS
9.8AI Score
0.76EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1783)
The remote host is missing an update for the Huawei...
7.5CVSS
7.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1795)
The remote host is missing an update for the Huawei...
7.5CVSS
7.1AI Score
0.05EPSS
RHEL 6 : libxi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Insufficient validation of server responses result in various data mishandlings (CVE-2016-7946) ...
7.5CVSS
7.3AI Score
0.014EPSS
Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy
This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...
7.1AI Score
RHEL 5 : privoxy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. privoxy: several use-after-free issues in list.c (CVE-2015-1031) privoxy: invalid read via empty host...
7.5CVSS
7.9AI Score
0.066EPSS
RHEL 5 : mutt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mutt: buffer overflow via base64 data (CVE-2018-14359) mutt_ssl.c in mutt 1.5.16 and other versions...
9.8CVSS
8.2AI Score
0.013EPSS
RHEL 5 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file ...
7.5CVSS
6.3AI Score
0.281EPSS
RHEL 6 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...
7.5CVSS
7.6AI Score
0.106EPSS
RHEL 6 : gtk-vnc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc 0.4.2 and older...
9.8CVSS
9.6AI Score
0.005EPSS
RHEL 6 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php-pear: Unsafe deserialization of data in Archive_Tar class (CVE-2018-1000888) PECL in the download...
7.5CVSS
8.7AI Score
0.015EPSS
RHEL 6 : libx11 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) The XGetImage function in...
9.8CVSS
8.2AI Score
0.066EPSS
RHEL 7 : libxi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Insufficient validation of server responses result in various data mishandlings (CVE-2016-7946) ...
7.5CVSS
8AI Score
0.014EPSS
RHEL 7 : libxrandr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...
9.8CVSS
9.9AI Score
0.014EPSS
RHEL 7 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap: ACL restrictions bypass due to sasl_ssf value being set permanently (CVE-2019-13565) ...
7.5CVSS
6.9AI Score
0.124EPSS
RHEL 5 : libxcursor (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262) ...
9.8CVSS
8.5AI Score
0.045EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
TeamCity Server < 2023.5.6 XSS Vulnerability
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...
4.6CVSS
4.7AI Score
0.0004EPSS
nginx 1.1.x < 1.1.19 / 1.0.x < 1.0.15 A Buffer Overflow Vulnerability
According to its Sever response header, the installed version of nginx is 1.0.x prior to 1.0.15 or 1.1.x prior to 1.1.19. It is, therefore, affected by the following issue : Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3...
7.8AI Score
0.024EPSS
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)
The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
6.8CVSS
6.8AI Score
0.002EPSS
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_312.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-012 advisory. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is.....
8.6CVSS
8AI Score
0.017EPSS
TeamCity Server Multiple Vulnerabilities (CVE-2024-36362 / CVE-2024-36365)
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2, prior to 2023.11.5, prior to 2023.5.6, prior to 2022.10.6, prior to 2022.04.7. It is, therefore, affected by multiple vulnerabilities: Path traversal...
6.8CVSS
6.5AI Score
0.0004EPSS
TeamCity Server < 2024.3.2 Multiple Vulnerabilities
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2 It is, therefore, affected by multiple vulnerabilities: Users can perform actions that should not be available to them based on their permissions...
6.5CVSS
4.9AI Score
0.0004EPSS
Amazon Linux 2 : golang (ALAS-2024-2554)
The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
7.3AI Score
0.0004EPSS
6.5CVSS
6.5AI Score
0.0004EPSS
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...
9.8CVSS
9.2AI Score
0.975EPSS
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
6.5AI Score
0.0004EPSS
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
5.5AI Score
0.0004EPSS
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
5.4AI Score
0.0004EPSS
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
6.7AI Score
0.0004EPSS
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a...
8.6CVSS
6.9AI Score
0.945EPSS
Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors
A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term...
7.3AI Score
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...
6.7AI Score
0.0004EPSS