7.5CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2024-1840)
According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...
7.5CVSS
8AI Score
0.005EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.2AI Score
0.005EPSS
AlmaLinux 8 : git (ALSA-2024:4084)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4084 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...
9CVSS
9.5AI Score
0.001EPSS
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-1815)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...
7.5CVSS
6.9AI Score
0.005EPSS
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1822)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...
7.8CVSS
7.3AI Score
0.0005EPSS
EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2024-1827)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...
9.7AI Score
0.0005EPSS
RHEL 9 : kpatch-patch (RHSA-2024:4074)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4074 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...
7.8CVSS
7.6AI Score
0.011EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4084 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
9CVSS
7.2AI Score
0.001EPSS
EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1823)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS...
7.5CVSS
7.7AI Score
0.001EPSS
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1843)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...
7.8CVSS
7.4AI Score
0.0005EPSS
EulerOS 2.0 SP11 : glusterfs (EulerOS-SA-2024-1812)
According to the versions of the glusterfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use- after-free.(CVE-2022-48340) Tenable...
7.5CVSS
7.8AI Score
0.001EPSS
[3.9.18-3.1] - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33887,...
7.8CVSS
7.8AI Score
0.0005EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.001EPSS
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...
3.7CVSS
6.9AI Score
0.0005EPSS
Rockwell Automation ThinManager ThinServer Improper Input Validation (CVE-2024-5990)
The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.4, 13.1.x prior to 13.1.2. It is therefore, affected by an improper input validation...
7.2AI Score
EPSS
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm...
EPSS
Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html...
EPSS
EulerOS 2.0 SP11 : expat (EulerOS-SA-2024-1810)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...
7.2AI Score
0.0004EPSS
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API...
EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.001EPSS
Google Guest Agent and Google OS Config Agent vulnerability
Releases Ubuntu 24.04 LTS Packages google-guest-agent - Google Compute Engine Guest Agent google-osconfig-agent - Google OS Config Agent Details USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04...
7.3AI Score
0.0004EPSS
This Week in Spring - June 25th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in...
7.1AI Score
Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....
7.2CVSS
7.8AI Score
EPSS
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1827)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1834)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1846)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.005EPSS
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1813)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1810)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1842)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1843)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2024-1826)
The remote host is missing an update for the Huawei...
7.1CVSS
7.5AI Score
0.0004EPSS
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via...
7.1AI Score
EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages ansible - Configuration management, deployment, and task execution system Details It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an...
7.8CVSS
7.7AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1845)
The remote host is missing an update for the Huawei...
6.7CVSS
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1849)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libyaml (EulerOS-SA-2024-1838)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1819)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.005EPSS
Aimeos HTML client may potentially reveal sensitive information in error log
Debug information can reveal sensitive information from environment variables in error...
8.8CVSS
6.5AI Score
EPSS
EulerOS 2.0 SP11 : python-pillow (EulerOS-SA-2024-1845)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219) Tenable...
6.7CVSS
7.4AI Score
0.0004EPSS
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2024-1841)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
5.3CVSS
6.2AI Score
0.0004EPSS
WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API
Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)...
5.7AI Score
EulerOS 2.0 SP11 : glibc (EulerOS-SA-2024-1832)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...
8.5AI Score
0.0005EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS