9532, 2591 Security Vulnerabilities
RHEL 5 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
9.7AI Score
RHEL 7 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
10AI Score
RHEL 6 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
9.8AI Score
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2018:0587)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0587 advisory. mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) mysql: Server: GIS unspecified vulnerability (CPU...
7.4AI Score
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the...
8.2CVSS
7.9AI Score
0.0004EPSS
CVE-2024-2591 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2023-2591)
The remote host is missing an update for the Huawei...
6AI Score
0.001EPSS
EulerOS 2.0 SP9 : ntp (EulerOS-SA-2023-2591)
According to the versions of the ntp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the...
6.4AI Score
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4CVSS
5.2AI Score
0.0004EPSS
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4CVSS
5.2AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
0.003EPSS
7.8AI Score
0.006EPSS
7.1AI Score
0.006EPSS
teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a...
7AI Score
0.001EPSS
teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a...
5.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
7.1CVSS
5.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
7.1AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
7.1CVSS
5.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
6.4AI Score
0.001EPSS
5.6AI Score
0.001EPSS
Stored HTML Injection in Item Label
Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. # Proof of Concept ```...
5.4CVSS
5.8AI Score
0.001EPSS
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. Recent assessments: cbeek-r7 at October 17, 2023 7:31am UTC reported: A...
6.1CVSS
6.2AI Score
0.002EPSS
7.2AI Score
0.009EPSS
Malicious code in controlreplace (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (bd99919cb7bf3d2cdbbf8b9c77d2790327b74c80e7a8e83a9433ccc7220b6b2d) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
heap-buffer-overflow in function gf_m2ts_process_tdt_tot media_tools/mpegts.c
Version ``` ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master (c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...
7.8CVSS
7.4AI Score
0.001EPSS
Android 13 introduces many enhancements in order to harden...
7.7AI Score
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...
5.9AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2022-2591)
The remote host is missing an update for the Huawei...
7.9AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2022-2591)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) Note that Tenable Network Security has extracted the preceding...
9AI Score
Malicious code in dreactbvotstrap (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (25072ffb584a022ee2d41ab37e2543607c059094ef2e102bfc14c3477db1db75) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Amazon Linux AMI : libtiff (ALAS-2022-1625)
The version of libtiff installed on the remote host is prior to 4.0.3-35.38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1625 advisory. Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote...
8.4AI Score
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
7.5AI Score
0.006EPSS
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
7.5AI Score
0.006EPSS
7.6AI Score
0.001EPSS
CVE-2022-2591 TEM FLEX-1085 reboot denial of service
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.6AI Score
0.006EPSS
SUSE SLES15 Security Update : xen (SUSE-SU-2022:2591-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2591-1 advisory. Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially...
7.9AI Score
Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...
1.5AI Score
0.009EPSS
An update is available for setroubleshoot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
1.9AI Score
Amazon Linux 2 : libtiff (ALAS-2022-1780)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1780 advisory. Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote...
8AI Score
Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...
7.9AI Score
0.009EPSS
Rocky Linux 8 : edk2 (RLSA-2021:2591)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2591 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...
6.8AI Score
7.6AI Score
0.002EPSS
6.8AI Score
0.009EPSS
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2021-2591)
The remote host is missing an update for the Huawei...
7.8AI Score
0.006EPSS
EulerOS 2.0 SP3 : libldb (EulerOS-SA-2021-2591)
According to the versions of the libldb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with...
-0.4AI Score
Oracle WebLogic Server Administration Console - Remote Code Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...
9.2AI Score
0.971EPSS
6.3AI Score
0.001EPSS
openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in...
6.1AI Score
SUSE SLES15 Security Update : qemu (SUSE-SU-2021:2591-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write...
7AI Score
openSUSE: Security Advisory for qemu (openSUSE-SU-2021:2591-1)
The remote host is missing an update for...
6.4AI Score
0.001EPSS