
723 matches found

Tenable Nessus
added 2024/01/17 12:0 a.m. | 34 views

RHEL 7 : java-11-openjdk (RHSA-2024:0232)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0232 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 7.4 | AI score 7.5 | EPSS 0.01026
Exploits 0 | References 15
Tenable Nessus
added 2024/01/17 12:0 a.m. | 30 views

RHEL 8 : java-11-openjdk (RHSA-2024:0234)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0234 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 7.4 | AI score 7.5 | EPSS 0.01026
Exploits 0 | References 14
Gentoo Linux
added 2024/01/16 12:0 a.m. | 21 views

libuv: Buffer Overread

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii function before reading and manipulating the memory at that address. Impact The overread can resu...

CVSS 5.3 | AI score 6.9 | EPSS 0.23132
Exploits 1
Fedora
added 2023/12/28 12:55 a.m. | 85 views

[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

CVSS 5.3 | AI score 6.3 | EPSS 0.02507
Exploits 1
Gentoo Linux
added 2023/12/22 12:0 a.m. | 33 views

libssh: Multiple Vulnerabilities

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

CVSS 6.5 | AI score 7.7 | EPSS 0.04683
Exploits 2
Cvelist
added 2023/12/15 10:17 a.m. | 20 views

CVE-2023-48488 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00562
Exploits 0 | References 1
IBM Security Bulletins
added 2023/11/16 4:21 p.m. | 67 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes

Summary Multiple issues were identified in Red Hat UBI packages, Kubernetes and go-toolset are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a...

CVSS 9.8 | AI score 9.6 | EPSS 0.81422
Exploits 34 | Affected Software 1
Amazon
added 2023/11/03 12:0 a.m. | 73 views

Important: python27

Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python27 Issue Correction: Run yum update python27 or yum update...

CVSS 9.8 | AI score 8.5 | EPSS 0.04268
Exploits 3
Tenable Nessus
added 2023/10/26 12:0 a.m. | 18 views

GLSA-202310-14 : libinput: format string vulnerability when using xf86-input-libinput

The remote host is affected by the vulnerability described in GLSA-202310-14 libinput: format string vulnerability when using xf86-input-libinput - A format string vulnerability was found in libinput CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.8 | AI score 7.2 | EPSS 0.00364
Exploits 0 | References 3
Tenable Nessus
added 2023/10/17 12:0 a.m. | 58 views

Amazon Corretto Java 11.x < 11.0.21.9.1 Vulnerability

The version of Amazon Corretto installed on the remote host is prior to 11 11.0.21.9.1. It is, therefore, affected by a vulnerability as referenced in the corretto-11-2023-Oct-17 advisory. - security-libs/javax.net.ssl CVE-2023-22081 Note that Nessus has not tested for this issue but has instead...

CVSS 5.3 | AI score 6.3 | EPSS 0.014
Exploits 0 | References 1
Gentoo Linux
added 2023/10/04 12:0 a.m. | 52 views

libvpx: Multiple Vulnerabilities

Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

CVSS 8.8 | AI score 6.9 | EPSS 0.49013
Exploits 3
Gentoo Linux
added 2023/09/29 12:0 a.m. | 52 views

libsndfile: Multiple Vulnerabilities

Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 8.8 | AI score 7.4 | EPSS 0.03292
Exploits 2
Fedora
added 2023/09/07 1:29 a.m. | 14 views

[SECURITY] Fedora 38 Update: python3.10-3.10.13-1.fc38

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

AI score 7.4
Exploits 0
IBM Security Bulletins
added 2023/08/28 8:17 a.m. | 58 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator

Summary Multiple issues were identified in Red Hat UBI packages systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. IBM has addressed the vulnerabilities. Vulnerability Details...

CVSS 9.8 | AI score 9.3 | EPSS 0.09082
Exploits 10 | Affected Software 1
Tenable Nessus
added 2023/08/24 12:0 a.m. | 42 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-306)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-306 advisory. Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications tha...

CVSS 5.3 | AI score 6.7 | EPSS 0.05533
Exploits 0 | References 8
IBM Security Bulletins
added 2023/08/01 6:33 a.m. | 85 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset

Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...

CVSS 9.8 | AI score 9.1 | EPSS 0.03228
Exploits 4 | Affected Software 1
OSSF Malicious Packages
added 2023/07/31 12:0 a.m. | 4 views

Malicious code in awell-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f22989168c34b37227bb7bcfe0b03c27cd141f8ec26d34a78a0c0ba06553f881 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score 7.2
Exploits 0 | References 2
RedhatCVE
added 2023/07/21 11:30 a.m. | 44 views

CVE-2023-37276

A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...

CVSS 7.5 | AI score 6.3 | EPSS 0.01422
Exploits 1 | References 4
Patchstack
added 2023/07/18 12:0 a.m. | 7 views

WordPress Ninja Libs Amazon SES Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Libs Amazon SES; Type: Plugin; Vulnerable versions: = 0.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 9135775f08e1; Credits: Rafie Muhammad Patchstack...

AI score 6.4 | EPSS 0.00284
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2023/07/18 12:0 a.m. | 63 views

Amazon Corretto Java 17.x < 17.0.8.7.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 17 17.0.8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2023-Jul-18 advisory. - core-libs/java.net CVE-2023-22006 - core-libs/java.util CVE-2023-22036 - hotspot/compiler...

CVSS 7.5 | AI score 6.2 | EPSS 0.01812
Exploits 0 | References 7