Python IP Ranges Vulnerability (Jun 2024) - Mac OS X
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3972)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8AI Score
0.0004EPSS
7.1AI Score
EPSS
7.1AI Score
0.0004EPSS
RHEL 9 : flatpak (RHSA-2024:3970)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...
6.5CVSS
6.2AI Score
0.006EPSS
Nextcloud Server is prone to an information disclosure ...
3.5CVSS
6.7AI Score
0.0004EPSS
Python IP Ranges Vulnerability (Jun 2024) - Windows
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for mariadb (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
Fedora: Security Advisory for galera (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
Python IP Ranges Vulnerability (Jun 2024) - Linux
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
K000140043: runc vulnerability CVE-2024-21626
Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...
8.6CVSS
7AI Score
0.051EPSS
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2024:2036-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2036-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....
6.6AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...
7.6AI Score
EPSS
SUSE SLES15 Security Update : booth (SUSE-SU-2024:2042-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2042-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...
5.9CVSS
5.6AI Score
0.001EPSS
K000140039: Intel QAT vulnerability CVE-2023-32641
Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...
8.8CVSS
7.5AI Score
0.001EPSS
7.1AI Score
EPSS
Google Chrome < 126.0.6478.114 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...
8.8CVSS
9.4AI Score
0.001EPSS
SUSE SLES15 Security Update : booth (SUSE-SU-2024:2041-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2041-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...
5.9CVSS
5.6AI Score
0.001EPSS
7.4AI Score
Nextcloud Server is prone to an improper authentication ...
7.3CVSS
7AI Score
0.0004EPSS
Python SSL Vulnerability (Jun 2024) - Mac OS X
Python is prone to a vulnerability in the ssl...
6.5AI Score
0.0004EPSS
6.7AI Score
EPSS
SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:2043-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2043-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may...
7.3AI Score
0.0004EPSS
K000140042: libldap vulnerability CVE-2020-15719
Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....
4.2CVSS
6.4AI Score
0.002EPSS
5.3CVSS
5.7AI Score
0.001EPSS
8.1CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : bind (SUSE-SU-2024:2033-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2033-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed...
7.5CVSS
8.1AI Score
0.05EPSS
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2035-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2035-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....
6.6AI Score
EPSS
VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Linux
VMware Workstation is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3979)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3979 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
Python SSL Vulnerability (Jun 2024) - Windows
Python is prone to a vulnerability in the ssl...
6.5AI Score
0.0004EPSS
6.7AI Score
EPSS
Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before...
7.5CVSS
7.4AI Score
0.915EPSS
6.5CVSS
5.7AI Score
0.006EPSS
7.5AI Score
EPSS
VMware Workstation Out-of-bounds read Vulnerability (VMSA-2024-0005) - Windows
VMware Workstation is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
K000140029: libcurl vulnerability CVE-2024-2398
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...
6.6AI Score
0.0004EPSS
VMware Fusion Out-of-bounds read Vulnerability (VMSA-2024-0005) - Mac OS X
VMware Fusion is prone to an out of bounds read...
5.9CVSS
5.7AI Score
0.0004EPSS
Google Chrome < 126.0.6478.114 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...
8.8CVSS
9.3AI Score
0.001EPSS
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
4.4CVSS
7AI Score
0.0004EPSS
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
4.4CVSS
4.8AI Score
0.0004EPSS
Malvertising Campaign Leads to Execution of Oyster Backdoor
The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....
7.3AI Score
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
0.0004EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.8AI Score
0.0004EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.6AI Score
0.0004EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.8AI Score
0.0004EPSS
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...
8.2CVSS
0.0004EPSS
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...
8.2CVSS
8.1AI Score
0.0004EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.2CVSS
9.7AI Score
EPSS