Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,IPS Module,NIP6300,NetEngine16EX Security Vulnerabilities

nessus
nessus

RHEL 8 : idm:DL1 (RHSA-2024:3758)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3758 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:3781)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

8.1CVSS

8.4AI Score

EPSS

2024-06-10 12:00 AM
cvelist
cvelist

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 12:00 AM
spring
spring

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,.....

7AI Score

2024-06-10 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6819-1)

The remote host is missing an update for...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-10 12:00 AM
2
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0215)

The remote host is missing an update for...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 9 : ipa (RHSA-2024:3754)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3754 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....

7.3AI Score

EPSS

2024-06-10 12:00 AM
openvas

9.8CVSS

8.2AI Score

0.973EPSS

2024-06-10 12:00 AM
13
packetstorm

7.4AI Score

EPSS

2024-06-10 12:00 AM
58
openvas
openvas

Ubuntu: Security Advisory (USN-6818-1)

The remote host is missing an update for...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-10 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0214)

The remote host is missing an update for...

7.1AI Score

EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : idm:DL1 (RHSA-2024:3755)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3755 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : idm:DL1 (RHSA-2024:3775)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:3784)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3784 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): *...

7.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

7.5CVSS

7.4AI Score

0.05EPSS

2024-06-10 12:00 AM
openvas
openvas

Fedora: Security Advisory for galera (FEDORA-2024-6ea93e629b)

The remote host is missing an update for...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : nghttp2 (RHSA-2024:3763)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3763 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : idm:DL1 (RHSA-2024:3756)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 9 : ipa (RHSA-2024:3757)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3783)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : ipa (RHSA-2024:3760)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection Remote Code...

9.8CVSS

10AI Score

0.932EPSS

2024-06-09 11:32 PM
96
nvd
nvd

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

0.932EPSS

2024-06-09 08:15 PM
26
debiancve
debiancve

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.7AI Score

0.932EPSS

2024-06-09 08:15 PM
48
osv
osv

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

7AI Score

0.932EPSS

2024-06-09 08:15 PM
3
cve
cve

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.5AI Score

0.932EPSS

2024-06-09 08:15 PM
100
In Wild
alpinelinux
alpinelinux

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-09 08:15 PM
7
vulnrichment
vulnrichment

CVE-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

7.1AI Score

0.932EPSS

2024-06-09 07:42 PM
1
cvelist
cvelist

CVE-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

0.932EPSS

2024-06-09 07:42 PM
10
openvas
openvas

Fedora: Security Advisory for nginx (FEDORA-2024-06e6dcbb42)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 12:00 AM
attackerkb
attackerkb

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

7.2AI Score

0.932EPSS

2024-06-09 12:00 AM
4
openvas
openvas

Fedora: Security Advisory for nginx (FEDORA-2024-2e4858330c)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 12:00 AM
7
cve
cve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.2AI Score

0.0004EPSS

2024-06-08 01:15 PM
24
nvd
nvd

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

0.0004EPSS

2024-06-08 01:15 PM
1
debiancve
debiancve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
vulnrichment
vulnrichment

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.7AI Score

0.0004EPSS

2024-06-08 12:53 PM
1
cvelist
cvelist

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

0.0004EPSS

2024-06-08 12:53 PM
2
kitploit
kitploit

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...

7.4AI Score

2024-06-08 12:30 PM
7
githubexploit

8.6CVSS

8.6AI Score

0.945EPSS

2024-06-08 10:17 AM
83
cve
cve

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-08 03:15 AM
4
nvd
nvd

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

0.001EPSS

2024-06-08 03:15 AM
2
cvelist
cvelist

CVE-2024-5663 Cards for Beaver Builder <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

0.001EPSS

2024-06-08 02:35 AM
1
nessus
nessus

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1949-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1949-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has extracted the preceding description block...

8AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...

7AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...

5.4CVSS

7.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...

5.6CVSS

5.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:1936-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1936-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...

6.9AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....

5.6CVSS

5.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
Total number of security vulnerabilities447862