F5 BIG-IP - TMM vulnerability CVE-2016-9247
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to...
5.8AI Score
0.003EPSS
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite...
8.1CVSS
8.2AI Score
0.0004EPSS
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data...
6.7AI Score
0.0004EPSS
org.apache.karaf, cave is vulnerable to Server-side Request Forgery. The vulnerability is due to improper input validation, which allows attackers to manipulate the server into making unauthorized requests to internal services, potentially accessing sensitive data or interacting with internal...
7AI Score
0.0004EPSS
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic...
8.1AI Score
0.004EPSS
Exploit for Improper Access Control in Webmin
Webmin-CVE-2022-0824-revshell Vulnerability Description...
1.1AI Score
0.972EPSS
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems......
6.6AI Score
0.001EPSS
RHEL 6 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...
9.2AI Score
Exploit for Command Injection in Dlink Dns-320L Firmware
🛠️ CVE-2024-3273 Exploit Tool 🌟 Introduction This script...
8.8AI Score
0.834EPSS
F5 BIG-IP - TMM vulnerability CVE-2016-9245
Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the...
6.5AI Score
0.957EPSS
F5 BIG-IP - Linux kernel SCTP vulnerability CVE-2015-1421
The remote host is missing a security...
5.4AI Score
0.061EPSS
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum.....
7.1AI Score
0.0004EPSS
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity...
6.5CVSS
6.5AI Score
0.0004EPSS
Spring Cloud Netflix - Server-Side Request Forgery
Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacker....
6.4AI Score
0.055EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole...
8.8CVSS
7.5AI Score
0.0004EPSS
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test...
8.2AI Score
0.0004EPSS
RHEL 9 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) The c_rehash script does not...
9AI Score
Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has an arbitrary file reading vulnerability, which can be exploited.....
7.1AI Score
On Windows systems, the Arc configuration files were world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration...
3.8CVSS
6.4AI Score
0.0004EPSS
RHEL 9 : rpm-ostree (RHSA-2024:3401)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3401 advisory. The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be...
7.2AI Score
Type confusion in github.com/docker/distribution
Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. A maliciously crafted OCI Container Image can cause registry clients to parse the same image in two different ways without modifying the image's digest, invalidating the common pattern of relying on....
6.9AI Score
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X...
8.4AI Score
0.028EPSS
Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. The Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a logic flaw vulnerability, which can be exploited by...
7.2AI Score
F5 BIG-IP - TCP IPv6 vulnerability CVE-2016-9252
The Traffic Management Microkernel (TMM) in F5 BIG-IP systems before 11.5.4 HF3, 11.6.x before 11.6.1 HF2, and 12.x.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial of service (DoS) through unspecified...
7.4AI Score
0.957EPSS
exacqVision Web Service - Remote Code Execution
exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker...
7.7AI Score
0.008EPSS
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted...
7.3AI Score
0.001EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
7AI Score
0.007EPSS
RHEL 7 : postgresql-jdbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520) pgjdbc is an open source postgresql...
7.3AI Score
Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)
The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory. If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it...
5.3AI Score
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI...
6.7AI Score
0.0004EPSS
CentOS 9 : xorg-x11-server-Xwayland-21.1.3-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the xorg-x11-server-Xwayland-21.1.3-5.el9 build changelog. A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur...
8.6AI Score
The version of the FreeBSD kernel running on the remote host is 11.x prior to 11.2-RELEASE-p13, 11.x prior to 11.3-RELEASE-p2, or 12.x prior to 12.0-RELEASE-p9. It is, therefore, affected by an out-of-bounds memory access denial-of-service vulnerability in MLDv2. An unauthenticated attacker could.....
9.2AI Score
7.4AI Score
Microsoft Windows Multiple Vulnerabilities (KB5034121)
This host is missing an important security update according to Microsoft...
6.5AI Score
0.004EPSS
6.4AI Score
0.157EPSS
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,.....
6.5CVSS
7AI Score
0.0004EPSS
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*) then an attacker can...
5.9AI Score
0.001EPSS
CVE-2021-47441 mlxsw: thermal: Fix out-of-bounds memory accesses
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...
7AI Score
0.0004EPSS
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover...
7.1AI Score
0.001EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker....
6.5CVSS
7.1AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of...
7.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI...
6.5AI Score
0.0004EPSS
RHEL 6 : postgresql-jdbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520) pgjdbc is an open source postgresql...
7.3AI Score
Exploit for Vulnerability in Microsoft
CVE-2024-21413 This Python script is used to abuse the...
9.8AI Score
0.006EPSS
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the csi-nodeplugin-fluid...
7.3AI Score
0.0004EPSS
libvirt security and bug fix update
An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...
7.3AI Score
0.001EPSS
Fedora 40 : thunderbird (2024-fc2ae12c31)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc2ae12c31 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover...
8.8AI Score
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the...
8.4AI Score
0.001EPSS
Memory exhaustion in github.com/distribution/distribution
Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint...
6.3AI Score
0.0004EPSS