Norton; Symantec Endpoint Protection (SEP); Symantec Endpoint Protection Small Business Edition (SEP SBE); Symantec Endpoint Protection Cloud (SEP Cloud) Security Vulnerabilities
Reflected Cross-site Scripting (XSS)
jupyter-server-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the host value in the /proxy endpoint, allowing an attacker to send a phishing link with custom JavaScript that runs when the user clicks the link, potentially granting.....
9.6CVSS
6.2AI Score
0.0004EPSS
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already....
9.8CVSS
7.7AI Score
0.321EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...
8.3CVSS
5.7AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes th...
7.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Avoid use-after-free for scale_freq_data Currently topology_scale_freq_tick() (which gets called from scheduler_tick()) may end up using a pointer to "struct scale_freq_data", which was previously cleared by...
7AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
6.7AI Score
0.0004EPSS
Amazon Linux 2 : openssl11 (ALAS-2024-2564)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2564 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions ...
6.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1973-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1973-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.9AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
Amazon Linux 2 : cri-tools (ALAS-2024-2568)
The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
8.2AI Score
0.0004EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1986-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1986-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.9AI Score
0.001EPSS
Fedora: Security Advisory for singularity-ce (FEDORA-2024-c95d3199c5)
The remote host is missing an update for...
8.3CVSS
8.6AI Score
0.0005EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via...
7.9AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2024:1984-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1984-1 advisory. - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Tenable has extracted the...
9.8CVSS
7AI Score
0.001EPSS
RHEL 9 : fence-agents (RHSA-2024:3820)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3820 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
5.4CVSS
5.8AI Score
0.0004EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1990-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). -...
7.8CVSS
7AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1968-1)
The remote host is missing an update for...
6.5CVSS
7.3AI Score
0.006EPSS
SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2024:1974-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1974-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related...
9.8CVSS
7.2AI Score
0.001EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.15.17 (RHSA-2024:3676)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3676 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
8.1CVSS
8.3AI Score
0.0004EPSS
Using AI in Business Security Decision-Making: Enhancing Protection and Efficiency
Enhance business security with AI-driven decision-making. Use advanced tools for accurate threat detection, compliance, and proactive crisis...
7.6AI Score
Patch Tuesday, June 2024 “Recall” Edition
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....
9.8CVSS
8.9AI Score
0.003EPSS
Securing Online Business Transactions: Essential Tools and Practices
Enhance your online transaction security with encryption, VPNs, and authentication. Understand threats, address vulnerabilities, and use secure payment gateways. Stay compliant with PCI DSS and regulatory standards to protect your business and build customer...
7.4AI Score
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
0.0004EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
8.4AI Score
0.0004EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
5.6AI Score
0.0004EPSS
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
5.7AI Score
0.0004EPSS
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
0.0004EPSS
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
6AI Score
0.0004EPSS
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
5.8AI Score
0.0004EPSS
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
9.8CVSS
9.7AI Score
0.05EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
7.3CVSS
0.001EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.3CVSS
7.2AI Score
0.001EPSS
8.8CVSS
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.002EPSS
7.8CVSS
7.9AI Score
0.001EPSS
7CVSS
6.9AI Score
0.0004EPSS
5.5CVSS
5.3AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7CVSS
6.9AI Score
0.0004EPSS
7.3CVSS
7.2AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
7.8CVSS
0.0005EPSS
7.8CVSS
7.7AI Score
0.0005EPSS