CVE-2024-35235 Cupsd Listen arbitrary chmod 0140777
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
CVSS: 4.4 | AI Score: 7.5 | EPSS: 0.0004
Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub. This issue affects ActivityPub: from n/a through...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0004
CVE-2024-35168 WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Discourse WP Discourse. This issue affects WP Discourse: from n/a through...
CVSS: 4.3 | AI Score: 7.2 | EPSS: 0.0004
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read...
CVSS: 8.6 | AI Score: 7.8 | EPSS: 0.343
CVE-2024-35663 WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in HahnCreativeGroup WP Translate. This issue affects WP Translate: from n/a through...
CVSS: 5.4 | EPSS: 0.0004
Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through...
CVSS: 5.3 | AI Score: 7.2 | EPSS: 0.0004
1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
AI Score: 7.7 | EPSS: 0.0004
1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious...
CVSS: 10 | AI Score: 8 | EPSS: 0.0004
AVEVA PI Asset Framework Client
1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: PI Asset Framework Client Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL...
AI Score: 7.3 | EPSS: 0.0004
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for Custom URL Scheme, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
CVSS: 8.8 | AI Score: 7.9 | EPSS: 0.0004
Schneider Electric APC Easy UPS Online Monitoring Software (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...
CVSS: 9.8 | AI Score: 10 | EPSS: 0.003
Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...
AI Score: 6.5 | EPSS: 0.0004
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce. This issue affects Product Expiry for WooCommerce: from n/a through...
CVSS: 5.4 | EPSS: 0.0004
Top 10 Critical Pentest Findings 2024: What You Need to Know
One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...
CVSS: 9.8 | AI Score: 8.9 | EPSS: 0.975
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture...
AI Score: 7.4
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,...
CVSS: 10 | AI Score: 9 | EPSS: 0.0004
Azure File Sync Agent v17.3 Release - June 2024 (Security-only update)
This article describes the improvements and issues that are fixed in the Azure File Sync Agent v17.3 release that is dated June 2024. Additionally, this article contains installation instructions for this release. Improvements...
CVSS: 4.4 | AI Score: 6.7 | EPSS: 0.0005
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to...
EPSS: 0.0004
KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...
AI Score: 9.1 | EPSS: 0.0004
Oracle Linux 8 : idm:DL1 (ELSA-2024-3755)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3755 advisory. - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 Tenable has extracted the preceding description block...
CVSS: 8.1 | AI Score: 8.4 | EPSS: 0.0005
KLA68916 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...
CVSS: 8.1 | AI Score: 6.3 | EPSS: 0.001
RHEL 8 : fence-agents (RHSA-2024:3795)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
CVSS: 5.4 | AI Score: 7.3 | EPSS: 0.0004
SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1938-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1938-1 advisory. - CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788) Tenable has extracted the preceding description block directly...
CVSS: 5.6 | AI Score: 7.4 | EPSS: 0.0004
Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.001
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:1969-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1969-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...
CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.001
SUSE SLED15 / SLES15 Security Update : poppler (SUSE-SU-2024:1967-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1967-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding description block...
CVSS: 2.9 | AI Score: 7.1 | EPSS: 0.0004
KLA68913 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001
bind-dyndb-ldap custodia ipa [4.9.13-10.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-10] - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 - kdb: fix vulnerability in GCD rules handling (CVE-2024-2698) Resolves:...
CVSS: 8.1 | AI Score: 6.9 | EPSS: 0.0005
A vulnerability in the BIND DNS server is related to a flaw in the use of assert(). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction. A vulnerability in the named component of the DNS...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.05
KLA68921 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...
AI Score: 8.9 | EPSS: 0.0004
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-idna (SUSE-SU-2024:1939-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1939-1 advisory. - CVE-2024-3651: Fixed a denial of service via resource consumption through specially crafted...
AI Score: 7.5
SUSE SLES15 / openSUSE 15 Security Update : frr (SUSE-SU-2024:1971-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1971-1 advisory. - CVE-2024-34088: Fixed null pointer via get_edge() function can trigger a denial of service (bsc#1223786). -...
AI Score: 8.2 | EPSS: 0.0004
Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.002
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Brotli (SUSE-SU-2024:1968-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1968-1 advisory. - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825) Tenable has...
CVSS: 6.5 | AI Score: 7.7 | EPSS: 0.006
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability...
CVSS: 8 | AI Score: 10 | EPSS: 0.0004
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
CVSS: 5.4 | AI Score: 6.8 | EPSS: 0.0004
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1970-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1970-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...
CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.001
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6821-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-3 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
CVSS: 8 | AI Score: 8.6 | EPSS: 0.0004