Tenable Security Center < 6.4.0 Multiple Vulnerabilities (TNS-2024-10)
According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-10 advisory. Security Center leverages third-party software to help provide underlying...
9.4CVSS
7AI Score
0.005EPSS
8CVSS
8.2AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3761 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3758)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3758 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
7.8CVSS
8.7AI Score
0.0005EPSS
7.4AI Score
0.0004EPSS
7.8CVSS
8.7AI Score
0.001EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3754 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0005EPSS
Important: ipa security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user to access another target...
8.1CVSS
7.2AI Score
0.0005EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-gkeop - Linux kernel for Google Container Engine (GKE) systems linux-gkeop-5.15 - Linux kernel for Google Container Engine (GKE) systems linux-kvm - Linux kernel for cloud environments Details It was discovered that the ATA over...
8CVSS
8.4AI Score
0.0004EPSS
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8CVSS
8.9AI Score
0.0005EPSS
Important: idm:DL1 security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...
8.1CVSS
6.9AI Score
0.0005EPSS
7.8CVSS
8.7AI Score
0.001EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3775)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3755)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3755 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0005EPSS
Important: idm:DL1 security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...
8.1CVSS
6.8AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
8CVSS
8.1AI Score
0.0004EPSS
About the security content of visionOS 1.2
About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.9AI Score
0.001EPSS
Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
7.5AI Score
0.001EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0005EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
9.8CVSS
8.3AI Score
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
0.001EPSS
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...
8.2CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through...
4.3CVSS
4.8AI Score
0.0004EPSS
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through...
4.3CVSS
0.0004EPSS
A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
0.0004EPSS
A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5775 SourceCodester Vehicle Management System updatebill.php sql injection
A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
0.0004EPSS
CVE-2024-5775 SourceCodester Vehicle Management System updatebill.php sql injection
A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack...
7.3CVSS
0.0004EPSS
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5774 SourceCodester Stock Management System Login index.php sql injection
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack...
7.3CVSS
7.4AI Score
0.0004EPSS
CVE-2024-5774 SourceCodester Stock Management System Login index.php sql injection
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack...
7.3CVSS
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through...
5.3CVSS
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through...
5.3CVSS
0.0004EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP...
9.8CVSS
8.2AI Score
0.973EPSS
SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...
5.6CVSS
5.5AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
8.2CVSS
6.8AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...
5.4CVSS
7.5AI Score
0.0004EPSS
linux-gke, linux-ibm, linux-intel-iotg, linux-oracle vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
9.1AI Score
0.0004EPSS
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8.9AI Score
0.0004EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct...
4.3CVSS
4.7AI Score
0.0004EPSS
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...
7.4AI Score