RHEL 7 : Red Hat OpenStack Platform 13.0 (RHSA-2023:3161)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3161 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
RHEL 9 : Red Hat OpenStack Platform 17.0 (RHSA-2023:3157)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3157 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
CVSS 9.8 | AI Score 8.8 | EPSS 0.732
RHEL 7 : openstack-tripleo-common (RHSA-2019:1742)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1742 advisory. openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo). ...
CVSS 8 | AI Score 7 | EPSS 0.004
RHEL 7 : openstack-nova (RHSA-2019:2652)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2652 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
RHEL 8 : Red Hat Virtualization (RHSA-2023:0759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0759 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001
RHEL 8 : Red Hat OpenStack Platform 16.1 (RHSA-2023:3156)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3156 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-nova) (RHSA-2023:1015)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1015 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
CVSS 5.7 | AI Score 5.7 | EPSS 0.003
RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-nova) (RHSA-2023:1278)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1278 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
CVSS 5.7 | AI Score 5.7 | EPSS 0.003
RHEL 7 : Red Hat OpenStack Platform 8 director (RHSA-2018:2857)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2857 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...
CVSS 7.5 | AI Score 7.6 | EPSS 0.964
RHEL 7 : openstack-nova (RHSA-2018:0241)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0241 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.7 | EPSS 0.001
RHEL 7 : openstack-nova (RHSA-2018:0314)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0314 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.7 | EPSS 0.001
RHEL 7 : openstack-nova (RHSA-2018:2855)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2855 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 7.5 | AI Score 6.3 | EPSS 0.003
RHEL 7 : openstack-nova (RHSA-2018:2714)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2714 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 7.5 | AI Score 6.4 | EPSS 0.003
RHEL 7 : openstack-nova (RHSA-2019:2631)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2631 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
RHEL 7 : openstack-nova (RHSA-2019:2622)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2622 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
CVSS 6.5 | AI Score 6.7 | EPSS 0.001
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
AI Score 10 | EPSS 0.957
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who...
CVSS 8.6 | AI Score 8.7 | EPSS 0.0004
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract...
CVSS 5.3 | AI Score 6.3 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected...
CVSS 7.7 | AI Score 6.8 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search...
CVSS 7.8 | AI Score 6.8 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search...
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected...
CVSS 7.7 | AI Score 7.6 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected...
CVSS 7.7 | AI Score 7.8 | EPSS 0.0004
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
CVSS 6 | AI Score 5.5 | EPSS 0.0004
Issue Overview: Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages. (CVE-2023-46846) Affected Packages: squid Issue Correction: Run yum update squid to update your system. New Packages: i686: ...
CVSS 9.3 | AI Score 6.8 | EPSS 0.003
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
AI Score 9.9
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access...
AI Score 8.3 | EPSS 0.733
Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
Summary Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code (CVE-2023-7104). RPM is used by AIX for package management. Vulnerability Details ** CVEID: CVE-2023-7104 DESCRIPTION: **SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by...
CVSS 7.3 | AI Score 8 | EPSS 0.001
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
CVSS 6.7 | AI Score 8.4 | EPSS 0.0004
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
CVSS 6.7 | AI Score 6.4 | EPSS 0.0004
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
CVSS 6 | AI Score 6.9 | EPSS 0.0004
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
CVSS 8.5 | AI Score 7.1 | EPSS 0.0004
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
CVSS 8.5 | AI Score 8.7 | EPSS 0.0004
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
CVSS 8.5 | AI Score 7.6 | EPSS 0.0004
CVE-2024-32876 NewPipe has potential security vulnerability when importing settings
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
CVSS 8.5 | AI Score 8.8 | EPSS 0.0004
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
AI Score 7.4 | EPSS 0.0004
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...
AI Score 8.3 | EPSS 0.942
AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)...
CVSS 7.3 | AI Score 9.4 | EPSS 0.001
Backup Migration < 1.4.4 - Information Exposure via Log Files
Description The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via log...
CVSS 5.3 | AI Score 6.7 | EPSS 0.0004
Apache Solr Backup/Restore API Remote Code Execution Exploit
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as...
CVSS 8.8 | AI Score 8.7 | EPSS 0.871
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming?...
AI Score 7.3
Percona XtraBackup vulnerability
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages percona-xtrabackup - Open source backup tool for InnoDB and XtraDB Details It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
WordPress Backup & Migration < 1.4.9 - Missing Authorization to Directory Traversal
Description The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber...
CVSS 4.3 | AI Score 6.7 | EPSS 0.0004
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
CVSS 6.8 | AI Score 6.6 | EPSS 0.0004