Security Bulletin: IBM Controller has addressed multiple vulnerabilities
Summary: IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilities. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details: CVEID: CVE-2023-40695 DESCRIPTION: IBM Cognos...
9.8CVSS
9.8AI Score
0.973EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
7.3AI Score
0.0004EPSS
CVE-2023-52648 drm/vmwgfx: Unmap the surface before resetting it on a plane state
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
6.6AI Score
0.0004EPSS
Exploit for Code Injection in Vmware Spring Framework
SpringFramework_CVE-2022-22965_RCE SpringFramework...
9.8CVSS
7.5AI Score
0.975EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
6.4AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-3.0-0755
Updates of ['gnutls'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
(RHSA-2024:2132) Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
9AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0754
Updates of ['ruby', 'python3-pycryptodomex'] packages of Photon OS have been...
9.8CVSS
10AI Score
EPSS
RHEL 7 : rhc-worker-script (RHSA-2024:2625)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts...
6.5AI Score
0.0004EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
6.4AI Score
0.001EPSS
RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
7.5CVSS
6.8AI Score
0.002EPSS
RHEL 9 : fence-agents (RHSA-2024:2132)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
6.1CVSS
7.4AI Score
0.001EPSS
RHEL 7 : tigervnc (RHSA-2024:2080)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2080 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
7.8CVSS
8.3AI Score
0.0005EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0259
Updates of ['ruby'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
EPSS
RHEL 7 : xorg-x11-server (RHSA-2024:0320)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0320 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical...
9.8CVSS
9.3AI Score
0.002EPSS
RHEL 8 : Satellite 6.14 (RHSA-2023:6818)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
9.8CVSS
9.9AI Score
EPSS
7.5AI Score
Important Photon OS Security Update - PHSA-2024-4.0-0600
Updates of ['ruby'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0753
Updates of ['linux-aws', 'linux-rt', 'linux-secure', 'linux-esx', 'sssd', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2101 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...
3.7CVSS
8.2AI Score
0.001EPSS
RHEL 7 / 8 : Red Hat OpenStack Platform (python-werkzeug) (RHSA-2023:1281)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1281 advisory. Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility...
7.5CVSS
7.7AI Score
0.001EPSS
RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-glance) (RHSA-2023:1280)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1280 advisory. OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image...
5.7CVSS
5.8AI Score
0.003EPSS
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:2743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2743 advisory. jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) Note that Nessus has not tested for this issue but...
9.8CVSS
7.8AI Score
0.006EPSS
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) ...
9.8CVSS
9.2AI Score
0.732EPSS
RHEL 7 : openstack-ironic-inspector (RHSA-2019:1734)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1734 advisory. ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware...
9.1CVSS
9.3AI Score
0.005EPSS
RHEL 6 / 7 : python27-python (RHSA-2019:3948)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3948 advisory. python: Cookie domain check returns incorrect results (CVE-2018-20852) python: email.utils.parseaddr wrongly parses email addresses...
7.5CVSS
7.2AI Score
0.005EPSS
RHEL 7 : rh-redis5-redis (RHSA-2019:1819)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1819 advisory. redis: Heap buffer overflow in HyperLogLog triggered by malicious client (CVE-2019-10192) redis: Stack buffer overflow in HyperLogLog...
7.2CVSS
7.3AI Score
0.23EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2019:1743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1743 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
9.8CVSS
7.7AI Score
0.011EPSS
RHEL 7 : rh-maven35-apache-commons-beanutils (RHSA-2019:4317)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4317 advisory. apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086) Note that Nessus has not...
7.3CVSS
7.2AI Score
0.003EPSS
RHEL 7 : openstack-octavia (RHSA-2019:3743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3743 advisory. The OpenStack Load Balancing service (openstack-octavia) provides a Load Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat...
9.1CVSS
9.2AI Score
0.002EPSS
RHEL 6 / 7 : rh-python36-python (RHSA-2019:3725)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3725 advisory. python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) python: DOS via regular...
9.1CVSS
7.8AI Score
0.018EPSS
RHEL 7 : qpid-proton (RHSA-2019:1399)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1399 advisory. qpid-proton: TLS Man in the Middle Vulnerability (CVE-2019-0223) Note that Nessus has not tested for this issue but has instead relied only on the...
7.4CVSS
6.5AI Score
0.002EPSS
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2019:1151)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1151 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) Note that Nessus has not tested for this issue but has...
8.8CVSS
7.3AI Score
0.003EPSS
RHEL 7 : redis (RHSA-2019:2630)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2630 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
7.2CVSS
7.3AI Score
0.188EPSS
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2019:1150)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1150 advisory. rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320) rubygems: Escape sequence injection vulnerability in...
8.8CVSS
7.9AI Score
0.006EPSS
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:2955)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2955 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PING frames results in unbounded...
7.5CVSS
7.2AI Score
0.821EPSS
RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2019:1258)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1258 advisory. mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) mysql: Server: Optimizer unspecified...
7.7CVSS
7.3AI Score
0.004EPSS
RHEL 6 / 7 : python27-python and python27-python-jinja2 (RHSA-2019:1260)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1260 advisory. python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745) python: DOS via regular expression...
7.5CVSS
7.2AI Score
0.006EPSS
RHEL 6 / 7 : rh-python36-python (RHSA-2019:0765)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0765 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) Note that Nessus has not tested for this issue but...
9.8CVSS
6.7AI Score
0.007EPSS
RHEL 7 : rh-nginx112-nginx (RHSA-2019:2746)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2746 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PRIORITY frames results in excessive...
7.5CVSS
7.2AI Score
0.097EPSS
RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-cinder) (RHSA-2023:1279)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1279 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through...
5.7CVSS
6.2AI Score
0.003EPSS
RHEL 7 : xorg-x11-server (RHSA-2024:0009)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0009 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical...
7.8CVSS
8.4AI Score
0.273EPSS
RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.1CVSS
8.3AI Score
0.004EPSS
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307) ...
9.8CVSS
8AI Score
0.049EPSS
RHEL 8 : Red Hat Satellite 6 (RHSA-2024:1061)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1061 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
7.5CVSS
7AI Score
0.001EPSS
RHEL 7 : openstack-tripleo-common (RHSA-2019:1683)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1683 advisory. openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo). ...
8CVSS
7AI Score
0.004EPSS
RHEL 6 / 7 : rh-python35-python (RHSA-2019:0902)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0902 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) Note that Nessus has not tested for this issue but...
9.8CVSS
6.7AI Score
0.007EPSS