(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
Security Bulletin: Content Manager Enterprise Edition for March 2024 - CVE-2023-3894
Summary Content Manager Enterprise Edition is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
7.5CVSS
7.4AI Score
0.001EPSS
DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...
8.8CVSS
7.3AI Score
0.005EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
7.2AI Score
0.001EPSS
This Week in Spring - June 4th, 2024
Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from dooing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...
7.2AI Score
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
7.2AI Score
0.001EPSS
(RHSA-2024:3563) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
(RHSA-2024:3561) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
(RHSA-2024:3560) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
(RHSA-2024:3559) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
Microsoft is named a leader in the Forrester Wave for XDR
“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...
6.8AI Score
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
7.2AI Score
Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details ** CVEID: CVE-2024-31033 DESCRIPTION: **An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...
6AI Score
0.0004EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.....
7.1CVSS
8.9AI Score
0.003EPSS
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a...
7.5CVSS
6.7AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.005EPSS
iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar...
5.3CVSS
5.3AI Score
0.0004EPSS
RHEL 7 : mysql-connector-java (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258) ...
5CVSS
6.4AI Score
0.006EPSS
RHEL 6 : java-1.5.0-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842) (CVE-2015-4803) ...
6.6AI Score
0.083EPSS
RHEL 5 : server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK Font processing vulnerability (6733336) (CVE-2008-5356) OpenJDK Truetype Font processing...
6.9AI Score
0.432EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3560 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.3CVSS
7.1AI Score
0.002EPSS
RHEL 7 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) SSL/TLS: Birthday...
7.5CVSS
6.8AI Score
0.007EPSS
RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for...
9.8CVSS
8.8AI Score
0.259EPSS
RHEL 4 : server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK Font processing vulnerability (6733336) (CVE-2008-5356) OpenJDK Truetype Font processing...
6.9AI Score
0.432EPSS
RHEL 4 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)...
9.8CVSS
8.6AI Score
0.068EPSS
RHEL 7 : lcms2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. lcms2: Out-of-bounds read in Type_MLU_Read() (CVE-2016-10165) Unspecified vulnerability in Oracle Java...
7.1CVSS
5.8AI Score
0.011EPSS
RHEL 8 : postgresql-jdbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724) A weakness...
9.8CVSS
8.6AI Score
0.018EPSS
RHEL 5 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: buffer overflow in cachemgr.cgi (CVE-2016-4051) Squid, when transparent interception mode is...
7.5CVSS
8.6AI Score
0.964EPSS
RHEL 3 : server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK Font processing vulnerability (6733336) (CVE-2008-5356) OpenJDK Truetype Font processing...
6.9AI Score
0.432EPSS
RHEL 4 : java-1.6.0-sun (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. java: hash table collisions CPU usage DoS (oCERT-2011-003) (CVE-2012-2739) Note that Nessus has not tested for this...
5.8AI Score
0.003EPSS
RHEL 9 : giflib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161) giflib...
7.1CVSS
7.4AI Score
0.0004EPSS
RHEL 6 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...
9.8CVSS
8.7AI Score
0.957EPSS
RHEL 6 : server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK Font processing vulnerability (6733336) (CVE-2008-5356) OpenJDK Truetype Font processing...
6.9AI Score
0.432EPSS
RHEL 6 : java-1.8.0-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) ...
8.3CVSS
8.7AI Score
0.003EPSS
RHEL 8 : libpng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libpng: underflow read in png_check_keyword() (CVE-2015-8540) png_image_free in png.c in libpng 1.6.x...
5.5CVSS
6.5AI Score
0.022EPSS
RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) (CVE-2017-10346) ...
9.6CVSS
5.6AI Score
0.009EPSS
RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) (CVE-2013-0433) Oracle JDK 7:...
7.5AI Score
0.969EPSS
RHEL 7 : icu (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) (CVE-2015-4844) icu: Double free in...
9.8CVSS
6.9AI Score
0.057EPSS
RHEL 5 : java-1.6.0-sun (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520) (CVE-2017-3509) ...
5.9CVSS
5.2AI Score
0.007EPSS
RHEL 6 : mysql-connector-java (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) (CVE-2017-3523) ...
8.5CVSS
6.2AI Score
0.002EPSS
RHEL 5 : xmlrpc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) xmlrpc: Deserialization...
9.8CVSS
7.8AI Score
0.42EPSS
RHEL 9 : libpng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libpng: Null pointer dereference leads to segmentation fault (CVE-2022-3857) Note that Nessus has not tested for...
5.5CVSS
5.4AI Score
0.001EPSS
RHEL 5 : others (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter (CVE-2014-0227) Apache Tomcat...
9.2AI Score
0.972EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3561 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.3CVSS
7.1AI Score
0.002EPSS
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) Apache OpenOffice versions...
7.8CVSS
8.8AI Score
0.001EPSS
RHEL 8 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636) ...
7.8CVSS
8.3AI Score
EPSS
RHEL 6 : java-1.6.0-sun (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. java: hash table collisions CPU usage DoS (oCERT-2011-003) (CVE-2012-2739) Note that Nessus has not tested for this...
6.6AI Score
0.003EPSS
RHEL 6 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) SSL/TLS: Birthday...
7.5CVSS
6.5AI Score
0.102EPSS
RHEL 5 : java-1.7.0-oracle (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528) (CVE-2017-3511) Note that Nessus has...
7.7CVSS
7.3AI Score
0.001EPSS