RHEL 5 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...
10AI Score
RHEL 6 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution ...
10AI Score
RHEL 8 : moment.js (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Moment.js: Path traversal in moment.locale (CVE-2022-24785) Note that Nessus has not tested for this issue but has...
7.8AI Score
RHEL 6 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. git: cvsserver command injection (CVE-2017-14867) git: Heap overflow in git archive, git log --format...
8.8AI Score
RHEL 7 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. git: Recursive submodule cloning allows using git directory twice with synonymous directory name...
8.4AI Score
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: request mixup (CVE-2022-25762) When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80...
8.5AI Score
RHEL 6 : jquery (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Cross-site scripting (XSS) via HTML tags containing whitespaces (CVE-2020-7656) In jQuery...
7.8AI Score
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.7AI Score
RHEL 6 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: LibreLogo global-event script execution (CVE-2019-9851) A vulnerability in OpenOffice's PPT...
9.6AI Score
RHEL 8 : jquery (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods ...
7.3AI Score
RHEL 8 : nodejs-debug (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-debug: Regular expression Denial of Service (CVE-2017-16137) Note that Nessus has not tested for this issue...
5.3AI Score
RHEL 5 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: mXSS due to the use of improper parser (CVE-2020-27783) An issue was discovered in lxml...
6.7AI Score
RHEL 5 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...
9.6AI Score
RHEL 7 : jquery (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Cross-site scripting (XSS) via HTML tags containing whitespaces (CVE-2020-7656) In jQuery...
7.8AI Score
RHEL 7 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) tomcat: HTTP request...
8AI Score
Password Spraying support Multiple bruteforce/login scanner modules have been updated to support a PASSWORD_SPRAY module option. This work was completed in pull request #19079 from nrathaus as well as an additional update from our developers . When the password spraying option is set, the order...
9.3AI Score
0.959EPSS
5.6AI Score
0.0005EPSS
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...
7.8AI Score
Chromium: CVE-2024-4671 Use after free in Visuals
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2024-4671 exists in the...
7AI Score
0.002EPSS
Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
7AI Score
0.0004EPSS
Chromium: CVE-2024-4558 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
7AI Score
0.0004EPSS
7.3AI Score
0.0005EPSS
K000139570: UNIX CPIO vulnerability CVE-2023-7216
Security Advisory Description A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended...
5.4AI Score
0.001EPSS
K000139579: Node.js vulneraility CVE-2024-21891
Security Advisory Description Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects...
7.5AI Score
0.0004EPSS
K000139573: node.js vulnerability CVE-2024-22017
Security Advisory Description setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects.....
6.9AI Score
0.0004EPSS
K000139577: Node.js vulnerability CVE-2024-21890
Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading...
4.8AI Score
0.0004EPSS
Microsoft Edge (Chromium) < 124.0.2478.97 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.97. It is, therefore, affected by multiple vulnerabilities as referenced in the May 10, 2024 advisory. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-30055) Use after free in ANGLE in...
7.7AI Score
K000139580: MySQL Server vulnerability CVE-2024-20998
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
5AI Score
0.0004EPSS
K000139578: Node.js vulnerability CVE-2024-21896
Security Advisory Description The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By...
7.4AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates
In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as....
7.4AI Score
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
7.6AI Score
(RHSA-2024:2671) Important: Red Hat build of MicroShift 4.14.24 security update
Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing....
7.4AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 162 vulnerabilities disclosed in 143...
9.6AI Score
0.001EPSS
How AI enhances static application security testing (SAST)
In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...
7.8AI Score
(RHSA-2024:2667) Important: Red Hat build of MicroShift 4.15.12 security update
Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing....
7.3AI Score
0.0004EPSS
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...
10AI Score
0.037EPSS
Rockwell Automation FactoryTalk Historian SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Historian SE Vulnerabilities: Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...
7.3AI Score
0.001EPSS
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....
7.7AI Score
[SECURITY] Fedora 39 Update: freerdp-2.11.7-1.fc39
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...
9.6AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: freerdp-2.11.7-1.fc38
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...
9.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: freerdp2-2.11.7-1.fc40
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...
9.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: freerdp-3.5.1-1.fc40
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the Fre eRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...
9.6AI Score
0.0004EPSS
7.4AI Score
7.1AI Score
0.001EPSS
Microsoft Azure Command-Line Interface (CLI) Installed (Linux)
Microsoft Azure Command-Line Interface (CLI) is installed on the remote Linux...
7.3AI Score
K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
Security Advisory Description CVE-2023-46809 This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2024-21892 On Linux, Node.js ignores certain environment...
7.5AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA79109)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79109 advisory. A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service...
7.5AI Score
Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of.....
7.4CVSS
7.2AI Score
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite...
6.8AI Score
0.0004EPSS