RHEL 9 : flatpak (RHSA-2024:3959)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
8.5CVSS
7.1AI Score
0.005EPSS
7.5CVSS
7.2AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant...
7.4AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3954)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
4.7CVSS
7.2AI Score
0.0004EPSS
8CVSS
8AI Score
0.0004EPSS
Mozilla Thunderbird Security Update (mfsa_2024-28) - Mac OS X
Mozilla Thunderbird is prone to multiple ...
6.6AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2038-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2038-1 advisory. - CVE-2024-5458: Fixed an issue that allows filters in filter_var FILTER_VALIDATE_URL to be bypassed. (bsc#1226073) Tenable has...
5.3CVSS
5.3AI Score
0.001EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant...
7.5AI Score
0.0004EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.7AI Score
0.0004EPSS
Microsoft Edge (Chromium-Based) Multiple Spoofing Vulnerabilities - Jun24
Microsoft Edge (Chromium-Based) is prone to multiple spoofing...
5.4CVSS
6.9AI Score
0.0005EPSS
Fedora: Security Advisory for thunderbird (FEDORA-2024-748bedc96c)
The remote host is missing an update for...
7.5AI Score
RHEL 9 : flatpak (RHSA-2024:3960)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant...
7.8AI Score
0.0004EPSS
RHEL 9 : firefox (RHSA-2024:3949)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3949 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
Mozilla Thunderbird Security Update (mfsa_2024-28) - Windows
Mozilla Thunderbird is prone to multiple ...
6.7AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3963)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3963 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
Ivanti Endpoint Manager < 2022 (CVE-2024-22058)
The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...
7.8CVSS
8.2AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0005EPSS
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for booth (FEDORA-2024-17e71fc540)
The remote host is missing an update for...
5.9CVSS
5.9AI Score
0.001EPSS
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...
7.8AI Score
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio...
7.7CVSS
6.7AI Score
0.006EPSS
Gradio > 4.19.1 UploadButton - Path Traversal
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton...
7.5CVSS
6.4AI Score
0.001EPSS
A Guide to RCS, Why Apple’s Adopting It, and How It Makes Texting Better
The messaging standard promises better security and cooler features than plain old SMS. Android has had it for years, but now iPhones are getting it...
7.5AI Score
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...
7AI Score
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.7AI Score
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.8AI Score
0.0004EPSS
Summary: IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section....
3.3CVSS
6.2AI Score
0.0004EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2020-1)
The remote host is missing an update for...
7.1AI Score
EPSS
openSUSE: Security Advisory for mariadb (SUSE-SU-2024:1985-1)
The remote host is missing an update for...
4.9CVSS
5.5AI Score
0.001EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-f3e0255c75)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0005EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5acee8c47f)
The remote host is missing an update for...
8.8CVSS
9AI Score
0.001EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:2005-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : libaom (SUSE-SU-2024:2030-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2030-1 advisory. - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). Tenable has extracted the...
7.5AI Score
0.0004EPSS
openSUSE: Security Advisory for bind (SUSE-SU-2024:1982-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.05EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:1990-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
openSUSE: Security Advisory for cups (SUSE-SU-2024:2003-1)
The remote host is missing an update for...
4.4CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:2029-1)
The remote host is missing an update for...
4.7CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for podman (SUSE-SU-2024:2031-1)
The remote host is missing an update for...
8.3CVSS
8.6AI Score
0.0004EPSS
openSUSE: Security Advisory for aws (SUSE-SU-2024:1984-1)
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.001EPSS
openSUSE: Security Advisory for poppler (SUSE-SU-2024:1980-1)
The remote host is missing an update for...
2.9CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1571-2)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for rmt (SUSE-SU-2024:1974-1)
The remote host is missing an update for...
9.8CVSS
7.1AI Score
0.001EPSS
openSUSE: Security Advisory for tiff (SUSE-SU-2024:2028-1)
The remote host is missing an update for...
5.5CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:2032-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2032-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Tenable has extracted the...
4.9CVSS
5.3AI Score
0.0005EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-123f2b3666)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0005EPSS