SUSE SLES15 Security Update : kernel (Live Patch 42 for SLE 15 SP3) (SUSE-SU-2024:2148-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2148-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8.5AI Score
0.0005EPSS
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 33 for SLE 15 SP3) (SUSE-SU-2024:2124-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2124-1 advisory. This update for the Linux Kernel 4.12.14-122_162 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...
7.2AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:2163-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2163-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
7CVSS
8.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : wget (SUSE-SU-2024:2154-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2154-1 advisory. - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) Tenable has extracted the preceding...
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 13 for SLE 15 SP4) (SUSE-SU-2024:2156-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2156-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_66 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...
8.2AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:2166-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2166-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_100 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : podofo (SUSE-SU-2024:2137-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2137-1 advisory. - CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855) - CVE-2018-20797: Fixed an excessive memory...
8.8CVSS
7.2AI Score
0.012EPSS
SUSE SLES12 Security Update : kernel (Live Patch 54 for SLE 12 SP5) (SUSE-SU-2024:2130-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2130-1 advisory. This update for the Linux Kernel 4.12.14-122_201 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed an...
7.8CVSS
8.3AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP2) (SUSE-SU-2024:2109-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2109-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access......
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition i...
7.4AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename...
7.4AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename...
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded...
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded...
7.3AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page...
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity...
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page...
7.5AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity...
7.4AI Score
0.0004EPSS
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....
9.8CVSS
7.8AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...
6.5CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...
5.3CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...
6.5CVSS
0.0004EPSS
First million breached Ticketmaster records released for free
The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...
7.2AI Score
CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...
5.3CVSS
0.0004EPSS
Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary Potentialcode execution vulnerability in Apache Commons Configuration ( CVE-2024-29131) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). In dctcp_update_alpha(), we use a module parameter dctcp_shift_g as follows: alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g); ... delivered_ce <<= (10 - dctcp_s...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are.....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....
6.8AI Score
0.0004EPSS
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of...
6.5CVSS
6.4AI Score
0.0004EPSS
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of...
6.5CVSS
6.8AI Score
0.0004EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
5.4CVSS
0.0004EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.3CVSS
8.3AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.3CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...
4.3CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not...
6.7AI Score
0.0004EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
5.4CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...
4.3CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.3CVSS
0.0004EPSS
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...
7.4AI Score
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...
5.3CVSS
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...
5.3CVSS
5.2AI Score
0.0004EPSS