In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed from the list. The...
6.9 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed from the list. The...
6.4 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU,.....
7.1 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN...
6.8 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named...
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set.....
7.1 AI Score
0.0004 EPSS
CVE-2024-35969 ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed from the list. The...
6.9 AI Score
0.0004 EPSS
CVE-2024-35952 drm/ast: Fix soft lockup
In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU,.....
7.1 AI Score
0.0004 EPSS
Summary The Transformation Advisor tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Commons Compress. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2024-25710 DESCRIPTION: Apache Commons Compress...
6.5 AI Score
0.001 EPSS
CVE-2024-35949 btrfs: make sure that WRITTEN is set on all metadata blocks
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set.....
7.1 AI Score
0.0004 EPSS
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a...
9.1 CVSS
7.4 AI Score
0.0004 EPSS
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a...
6.9 AI Score
0.0004 EPSS
CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a...
7.2 AI Score
0.0004 EPSS
cart2quote/module-quotation-encoded is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of the unserialize function when processing data from a GET request, which can be exploited by attackers to execute arbitrary code remotely, particularly when custom file options...
8.6 AI Score
(RHSA-2024:2913) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
8 AI Score
0.0004 EPSS
(RHSA-2024:2912) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
8 AI Score
0.0004 EPSS
Sensitive Information Disclosure
ezsystems/repository-forms is vulnerable to Sensitive Information Disclosure. The vulnerability is caused due to missing permission checks before allowing access to user data. Specifically, the system did not properly verify if the user had the 'content' edit permissions, which allowed...
6.7 AI Score
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID: CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...
7.4 AI Score
0.0004 EPSS
ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...
6.9 AI Score
(RHSA-2024:2911) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
8 AI Score
0.0004 EPSS
Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2023-50164 ...
7.7 AI Score
0.093 EPSS
drupal/core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to Drupal configurations using the WYSIWYG CKEditor, which can be exploited by an attacker with content creation or editing capabilities to target users with access to CKEditor, including site admins with privileged.....
6.4 AI Score
Drupal is vulnerable to an Authorization Bypass. The vulnerability is due to the content moderation module failing to check a user's access to use certain transitions, potentially allowing unauthorized access to restricted...
7 AI Score
(RHSA-2024:2910) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
7.4 AI Score
0.0004 EPSS
(RHSA-2024:2906) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.5 AI Score
0.0004 EPSS
(RHSA-2024:2905) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
7.4 AI Score
0.0004 EPSS
(RHSA-2024:2904) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
7.4 AI Score
0.0004 EPSS
(RHSA-2024:2903) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
7.4 AI Score
0.0004 EPSS
RHEL 8 : thunderbird (RHSA-2024:2912)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2912 advisory. Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode...
8.2 AI Score
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-008)
The version of java-11-openjdk installed on the remote host is prior to 11.0.23.0.9-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-008 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
6.4 AI Score
RHEL 9 : thunderbird (RHSA-2024:2904)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2904 advisory. Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode...
8.2 AI Score
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.6 - Missing Authorization
Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to unauthorized access of functionality in versions up to, and including, 1.01.5. This makes it possible for unauthenticated attackers to make use of this functionality intended for higher...
6.7 AI Score
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
7.4 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed from the list. The...
6.8 AI Score
0.0004 EPSS
RHEL 8 : httpd:2.4 (RHSA-2024:2907)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2907 advisory. httpd: CONTINUATION frames DoS (CVE-2024-27316) Note that Nessus has not tested for this issue but has instead relied only on the application's...
7.3 AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-057)
The version of kernel installed on the remote host is prior to 5.10.216-204.855. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-057 advisory. 2024-05-23: CVE-2024-26923 was added to this advisory. In the Linux kernel, the following vulnerability...
5.1 AI Score
RHEL 9 : thunderbird (RHSA-2024:2903)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2903 advisory. Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode...
8.2 AI Score
RHEL 8 : thunderbird (RHSA-2024:2905)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2905 advisory. Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode...
7.6 AI Score
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:2892)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2892 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) Note that Nessus has not tested for this issue...
7.3 AI Score
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6777-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading...
7.9 AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-065)
The version of kernel installed on the remote host is prior to 5.4.275-189.375. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-065 advisory. 2024-05-23: CVE-2024-26923 was added to this advisory. A flaw was found in the smb client in the Linux...
6.1 AI Score
RHEL 8 : thunderbird (RHSA-2024:2911)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2911 advisory. Mozilla: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) Mozilla: IndexedDB files retained in private browsing mode...
8.2 AI Score
Description The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above,.....
7.4 AI Score
0.0004 EPSS
K000139678: MySQL Server vulnerability CVE-2024-21055
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
6 AI Score
0.0004 EPSS