python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
7.8CVSS
7.7AI Score
EPSS
libtimezonemap bug fix and enhancement update
An update is available for libtimezonemap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
6.8AI Score
tcpdump bug fix and enhancement update
An update is available for tcpdump. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
librepo bug fix and enhancement update
An update is available for librepo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
libsoup bug fix and enhancement update
An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.1....
6.8AI Score
Snipe-IT allows users to promote or demote themselves or other users
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...
7.6CVSS
6.8AI Score
0.0004EPSS
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....
7.2AI Score
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...
7.6CVSS
6.9AI Score
0.0004EPSS
curl: Denial of Service in curl Request - HTTP headers eat all memory
Summary: Curl's unrestricted header storage lets malicious servers overwhelm memory, leading to out of Memory ( DOS) . When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many....
7AI Score
Exploit for Path Traversal in Solarwinds Serv-U
Exploit For CVE-2024-28995 On June 5, 2024, SolarWinds...
8.6CVSS
7AI Score
0.343EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8CVSS
8.2AI Score
0.0004EPSS
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...
6.8CVSS
7AI Score
0.0004EPSS
7.4AI Score
9.8CVSS
7.4AI Score
0.005EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems Details It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a...
8CVSS
8.4AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2020-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2020-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...
7AI Score
EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via...
8.1CVSS
7.6AI Score
0.005EPSS
Apple TV < 19K53 Multiple Vulnerabilities (HT212980)
According to its banner, the version of Apple TV on the remote device is prior to 19K53. It is therefore affected by multiple vulnerabilities as described in the...
8.8CVSS
7.2AI Score
0.007EPSS
5.5CVSS
7.4AI Score
0.002EPSS
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
SUSE SLES12 Security Update : php8 (SUSE-SU-2024:2027-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2027-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the...
5.3CVSS
9.5AI Score
0.001EPSS
Apple TV < 15.5 Multiple Vulnerabilities (HT213254)
According to its banner, the version of Apple TV on the remote device is prior to 15.5. It is therefore affected by multiple vulnerabilities as described in the...
9.8CVSS
9AI Score
0.016EPSS
7.1AI Score
0.0004EPSS
7.4AI Score
Rocky Linux 8 : idm:DL1 (RLSA-2024:3044)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3044 advisory. * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) Tenable has extracted the preceding description block directly...
5.3CVSS
6.8AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
According to its banner, the version of Apple TV on the remote device is prior to 16.3. It is therefore affected by multiple vulnerabilities as described in the...
8.8CVSS
7.1AI Score
0.007EPSS
7.4AI Score
0.0004EPSS
9.8CVSS
7.4AI Score
0.919EPSS
7.4AI Score
7.4AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2024:2028-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2028-1 advisory. - CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233) Tenable has extracted the...
5.5CVSS
7.5AI Score
0.0004EPSS
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) Tenable has extracted the preceding description block directly from the.....
6.2CVSS
9.4AI Score
0.001EPSS
Rocky Linux 8 : idm:DL1 (RLSA-2024:3755)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3755 advisory. * CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * CVE-2024-3183 freeipa:...
8.1CVSS
8.3AI Score
0.0005EPSS
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....
8.6CVSS
6AI Score
0.002EPSS
Rocky Linux 9 : nghttp2 (RLSA-2024:3501)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3501 advisory. * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note...
5.3CVSS
5.9AI Score
0.0004EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:3466)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7.8CVSS
7.3AI Score
EPSS
7.4AI Score
Linux kernel (NVIDIA) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-nvidia-6.5 - Linux kernel for NVIDIA systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this...
7.8CVSS
7.5AI Score
0.001EPSS
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...
8.8CVSS
7.5AI Score
0.002EPSS
SUSE SLES15 / openSUSE 15 Security Update : python-scikit-learn (SUSE-SU-2024:2029-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2029-1 advisory. -CVE-2024-5206: Fixed a possible sensitive data leak in TfidfVectorizer. (bsc#1226185) Tenable has extracted the preceding description...
4.7CVSS
4.7AI Score
0.0004EPSS
Debian dla-3827 : libcolorcorrect5 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...
6.4AI Score
EPSS