SUSE SLES15 / openSUSE 15 Security Update : iperf (SUSE-SU-2024:1981-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1981-1 advisory. - Update to version 3.17.1 - CVE-2024-26306: Fixed a vulnerability that could led to marvin attack if the authentication option is ...
7.3AI Score
EPSS
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the do_sync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such....
4.3CVSS
6.5AI Score
0.0004EPSS
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:1970-1)
The remote host is missing an update for...
9.8CVSS
7.1AI Score
0.001EPSS
8CVSS
7.5AI Score
0.0004EPSS
KLA68918 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...
9AI Score
0.0004EPSS
openSUSE 15 Security Update : nano (openSUSE-SU-2024:0157-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0157-1 advisory. - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099) Tenable has extracted the preceding description...
4.7CVSS
4.9AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1983-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1983-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
7.8CVSS
8.5AI Score
0.001EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1988-1 advisory. Rebuild against current updated packages and go compiler. - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)...
8.3CVSS
8.3AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1939-1)
The remote host is missing an update for...
7.1AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1991-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1991-1 advisory. unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list...
7.5CVSS
7.7AI Score
0.05EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2024:1987-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1987-1 advisory. - Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to...
8.3CVSS
7AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:1985-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1985-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - CVE-2023-22084: Fixed a vulnerability...
4.9CVSS
5.5AI Score
0.001EPSS
RHEL 8 : fence-agents (RHSA-2024:3811)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3811 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
5.4CVSS
5.8AI Score
0.0004EPSS
RHEL 9 : fence-agents (RHSA-2024:3820)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3820 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
5.4CVSS
5.8AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2024:1984-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1984-1 advisory. - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Tenable has extracted the...
9.8CVSS
7AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALAS-2024-2569)
The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2569 advisory. 2024-06-19: CVE-2022-1011 was added to this advisory. 2024-06-19: CVE-2022-1353 was added to this advisory. ...
7.8CVSS
8.3AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.4AI Score
0.001EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1990-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). -...
7.8CVSS
7AI Score
0.0004EPSS
openSUSE: Security Advisory for frr (SUSE-SU-2024:1971-1)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:1976-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1976-1 advisory. - Update to version 2.44.2 (bsc#1225071) - CVE-2024-27834: Fixed a vulnerability where an attacker with...
8.8CVSS
7.6AI Score
0.001EPSS
7.4AI Score
8CVSS
7.5AI Score
EPSS
8CVSS
7.5AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1968-1)
The remote host is missing an update for...
6.5CVSS
7.3AI Score
0.006EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1938-1)
The remote host is missing an update for...
5.6CVSS
5.7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2024:1980-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1980-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding...
2.9CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
SUSE SLES12 Security Update : unrar (SUSE-SU-2024:1975-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1975-1 advisory. - CVE-2024-33899: Fixed a denial of service via ANSI escape squences. (bsc#1225661) Tenable has extracted the preceding description block...
7.4AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2024:1974-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1974-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related...
9.8CVSS
7.2AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6831-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6831-1 advisory. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A...
7.8CVSS
7.8AI Score
0.0005EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1979-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1979-1 advisory. The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
7.8CVSS
7.9AI Score
0.001EPSS
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.001EPSS
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8.2AI Score
0.0004EPSS
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...
5.3CVSS
6.7AI Score
0.0004EPSS
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
9.8CVSS
9.7AI Score
0.05EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
5.8AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to...
6.8AI Score
0.0004EPSS
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to...
0.0004EPSS
linux-intel-iotg-5.15 vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
8CVSS
8.2AI Score
EPSS
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31881 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...
7AI Score
EPSS
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary...
7.7AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
8.8AI Score
0.001EPSS
Summary IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
6.1AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-28762 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...
5.3CVSS
6.5AI Score
0.0004EPSS
Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details ** CVEID: CVE-2023-45853 DESCRIPTION: **MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...
9.8CVSS
7.2AI Score
0.001EPSS