Ryzen™ 3000 Series Desktop Processors Security Vulnerabilities

nessus

RHEL 5 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) Apache Tomcat 6.x before...

8.9 AI Score

0.975 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 6 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) ...

6.2 AI Score

0.002 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : hw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900) ...

8.1 AI Score

EPSS

2024-05-11 12:00 AM
4
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2024:1610-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1610-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using...

9.8 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-11 12:00 AM
3
nessus

SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2024:1609-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1609-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version...

9.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-11 12:00 AM
4
nessus

RHEL 7 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-good: Heap buffer overflow in FLIC decoder (CVE-2016-9636) The...

8.5 AI Score

0.015 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 5 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial...

8.9 AI Score

0.022 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.2 AI Score

0.895 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 5 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: doapr_outch function does not verify that certain memory allocation succeeds (CVE-2016-2842) ...

8.5 AI Score

0.895 EPSS

2024-05-11 12:00 AM
nessus

RHEL 7 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial...

8.5 AI Score

0.012 EPSS

2024-05-11 12:00 AM
nessus

RHEL 5 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) Note that...

6.6 AI Score

0.002 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 6 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: LibreLogo global-event script execution (CVE-2019-9851) A vulnerability in OpenOffice's PPT...

9.6 AI Score

EPSS

2024-05-11 12:00 AM
5
nessus

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

8.8 AI Score

EPSS

2024-05-11 12:00 AM
7
nessus

RHEL 5 : kdelibs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction...

7.8 AI Score

0.003 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : kdelibs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction...

7.8 AI Score

0.003 EPSS

2024-05-11 12:00 AM
4
nessus

RHEL 6 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc ...

9.2 AI Score

0.022 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) The OpenSSL DSA signature...

8.7 AI Score

0.106 EPSS

2024-05-11 12:00 AM
17
nessus

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

9.7 AI Score

0.38 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7 AI Score

EPSS

2024-05-11 12:00 AM
43
nessus

RHEL 6 : mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) (CVE-2016-3477) mysql:...

9.5 AI Score

0.118 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 7 : gnome-desktop (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gnome-desktop: thumbnailer security bypass (CVE-2019-11460) Note that Nessus has not tested for this issue but has...

9.2 AI Score

0.002 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 7 : flatpak (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101) Flatpak...

7.7 AI Score

0.008 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...

7 AI Score

0.013 EPSS

2024-05-11 12:00 AM
10
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2024-05-10 06:32 PM
5
rapid7blog

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...

7.8 AI Score

2024-05-10 05:31 PM
24
thn

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the...

7 AI Score

2024-05-10 02:54 PM
1
rocky

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8 CVSS

7.2 AI Score

0.001 EPSS

2024-05-10 02:32 PM
6
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8 CVSS

6.7 AI Score

0.001 EPSS

2024-05-10 02:32 PM
9
osv

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-10 02:32 PM
8
rocky

sushi bug fix update

An update is available for sushi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Sushi is a quick file previewer for Nautilus, the GNOME desktop file manager......

7.3 AI Score

2024-05-10 02:32 PM
4
osv

Important: tracker-miners security update

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker. Security Fix(es): tracker-miners: sandbox escape (CVE-2023-5557) For more details about the security issue(s),...

7.7 CVSS

6.7 AI Score

0.005 EPSS

2024-05-10 02:32 PM
4
rocky

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...

7.8 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-10 02:32 PM
8
rocky

tracker-miners security update

An update is available for tracker-miners. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tracker is a powerful desktop-neutral first class object database,...

7.7 CVSS

7.2 AI Score

0.005 EPSS

2024-05-10 02:32 PM
2
rocky

gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update

An update is available for gnome-menus, gnome-shell, gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Shell acts as a compositing...

7.3 AI Score

2024-05-10 02:32 PM
4
osv

Moderate: flatpak security, bug fix, and enhancement update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792) Security Fix(es): flatpak: TIOCLINUX can send commands outside sandbox if running on a...

10 CVSS

8.9 AI Score

0.001 EPSS

2024-05-10 02:32 PM
3
rocky

flatpak security, bug fix, and enhancement update

An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed...

10 CVSS

7.3 AI Score

0.001 EPSS

2024-05-10 02:32 PM
3
rocky

microcode_ctl bug fix and enhancement update

An update is available for microcode_ctl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The microcode_ctl packages provide microcode updates for Intel...

8.8 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-10 02:32 PM
7
ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

7.8 CVSS

7.4 AI Score

0.001 EPSS

2024-05-10 04:07 AM
7
openvas

SUSE: Security Advisory (SUSE-SU-2024:1578-1)

The remote host is missing an update for...

7.1 CVSS

7 AI Score

0.0004 EPSS

2024-05-10 12:00 AM
2
ibm

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

5.9 CVSS

6.4 AI Score

0.001 EPSS

2024-05-09 07:33 PM
21
amazon

Important: flatpak

Issue Overview: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of...

8.4 CVSS

8.2 AI Score

0.0004 EPSS

2024-05-09 07:16 PM
3
amazon

Medium: freerdp

Issue Overview: 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2024-05-09 07:16 PM
5
thn

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It...

7.6 CVSS

6.6 AI Score

0.0005 EPSS

2024-05-09 05:55 PM
1
ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...

10 CVSS

10 AI Score

0.05 EPSS

2024-05-09 12:31 PM
12
securelist

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

7.7 AI Score

2024-05-09 10:00 AM
20
cvelist

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

6.7 AI Score

0.0004 EPSS

2024-05-09 06:32 AM
fedora

[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8 CVSS

8.8 AI Score

0.0004 EPSS

2024-05-09 02:05 AM
4
fedora

[SECURITY] Fedora 39 Update: freerdp-2.11.7-1.fc39

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9.6 AI Score

0.0004 EPSS

2024-05-09 02:05 AM
3
fedora

[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8 CVSS

8.8 AI Score

0.0004 EPSS

2024-05-09 01:49 AM
6
fedora

[SECURITY] Fedora 38 Update: freerdp-2.11.7-1.fc38

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9.6 AI Score

0.0004 EPSS

2024-05-09 01:49 AM
2
Total number of security vulnerabilities: 84217