Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...
6.8CVSS
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...
6.8CVSS
6.5AI Score
0.0004EPSS
CVE-2024-37032 Path traversal in Ollama with rogue registry...
7.6AI Score
EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...
6.8CVSS
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...
6.8CVSS
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: libopenmpt-0.7.8-1.fc40
libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
7.4AI Score
[SECURITY] Fedora 39 Update: libopenmpt-0.7.8-1.fc39
libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
7.4AI Score
A flaw was found in Squid. An out-of-bounds write can be triggered when an Edge Side Includes (ESI) variable is assigned to a value not in the standard ASCII range, for example, multi-byte characters. This flaw allows a trusted server to crash Squid while processing an ESI response content,...
6.3CVSS
6.1AI Score
0.0004EPSS
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...
3.5CVSS
6.8AI Score
0.001EPSS
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...
3.5CVSS
0.001EPSS
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...
8.4CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...
7.5CVSS
8AI Score
0.003EPSS
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
5.9CVSS
0.0004EPSS
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
5.9CVSS
5.7AI Score
0.0004EPSS
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...
3.5CVSS
0.001EPSS
Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has...
8.8CVSS
8.3AI Score
0.001EPSS
7.4AI Score
Linux kernel (Oracle) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oracle-6.5 - Linux kernel for Oracle Cloud systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.6AI Score
0.001EPSS
8.1CVSS
7AI Score
0.017EPSS
Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability
Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...
6.5CVSS
6.6AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2198-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2198-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) ....
7.8AI Score
EPSS
ThroughTek P2P SDK Cleartext Transmission of Sensitive Information (CVE-2021-32934)
ThroughTek supplies multiple original equipment manufacturers of IP cameras & recorders with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds. This plugin only...
9.1CVSS
7.1AI Score
0.001EPSS
6.7AI Score
EPSS
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....
0.0004EPSS
8.1CVSS
7.1AI Score
0.017EPSS
7.4AI Score
SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2195-1 advisory. - Fix bsc#1224158 - this fixes: CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...
8.1CVSS
7AI Score
EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)
The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...
9.8CVSS
7.5AI Score
0.003EPSS
Fedora: Security Advisory for libopenmpt (FEDORA-2024-018a95fb38)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for libopenmpt (FEDORA-2024-ac4860090c)
The remote host is missing an update for...
7.5AI Score
8.1CVSS
7AI Score
EPSS
RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
9.8CVSS
8AI Score
0.732EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2189-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2189-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.7AI Score
0.005EPSS
RHEL 9 : kernel (RHSA-2024:4108)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4108 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: use...
8AI Score
0.0004EPSS
Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...
7.5CVSS
7.6AI Score
0.0004EPSS
ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access...
8.3CVSS
7.1AI Score
0.003EPSS
Atlassian Jira < 9.4.21 / 9.12.x < 9.12.8 / 9.15.x < 9.16.0 (JRASERVER-77713)
The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-77713 advisory. This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information...
7.4CVSS
7.3AI Score
0.0004EPSS
AMD Processors February 2024 Security Updates
AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...
7.9AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
9.8CVSS
8.7AI Score
EPSS
6.7AI Score
EPSS
Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.8AI Score
0.001EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)
The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...
9.8CVSS
8.3AI Score
0.05EPSS
7.4AI Score
By default, PHP accepts a maximum of 1000 variables in a request. If there are more input variables than specified, an E_WARNING is issued, and further input variables are truncated from the request depending on server configuration and application code, this can have various impacts such as...
7.4AI Score
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....
7AI Score
0.0004EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158071 advisory. IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. (CVE-2024-35116) Note that Nessus has not tested for this issue...
5.9CVSS
6.9AI Score
0.0005EPSS
Jenkins plugins Multiple Vulnerabilities (2024-06-26)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Low Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before...
6.2AI Score
0.0004EPSS
Summary IBM HTTP Server (powered by Apache) used by IBM i is vulnerable to a denial of service attack due to no limit of continuation fames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in.....
7.5CVSS
7.1AI Score
0.005EPSS
CVE-2024-29954 password management API prints sensitive information in log files
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
5.9CVSS
0.0004EPSS
CVE-2024-29954 password management API prints sensitive information in log files
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
5.9CVSS
5.7AI Score
0.0004EPSS