7.4AI Score
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...
0.0004EPSS
6.8CVSS
7.1AI Score
0.0004EPSS
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...
8.2CVSS
6.1AI Score
0.001EPSS
Oracle Linux 8 : python3.11 (ELSA-2024-4058)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4058 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
7.8CVSS
7.5AI Score
0.0005EPSS
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into...
8.2CVSS
7.1AI Score
0.001EPSS
SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has extracted the preceding description...
7AI Score
0.0004EPSS
7.4AI Score
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
RHEL 9 : pki-core (RHSA-2024:4051)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.8AI Score
0.0004EPSS
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...
7.5CVSS
7.3AI Score
0.0004EPSS
Amazon Linux 2 : iperf3 (ALAS-2024-2579)
The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this...
5.3CVSS
7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
RHEL 8 : python3.11 (RHSA-2024:4058)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
7.8CVSS
7.4AI Score
0.0005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2024:2171-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2171-1 advisory. - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Tenable has extracted the...
7.3CVSS
7.3AI Score
0.003EPSS
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the...
0.0004EPSS
RHEL 8 : thunderbird (RHSA-2024:4063)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
8.2AI Score
0.0004EPSS
RHEL 9 : dnsmasq (RHSA-2024:4052)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...
7.5CVSS
6.9AI Score
0.003EPSS
Dextaz Ping <= 0.65 - Admin+ RCE
Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the...
9.1CVSS
7.4AI Score
0.0005EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn (Green Unicorn) is a Python WSGI HTTP server for UNIX. Security Fix(es): * HTTP Request Smuggling due to improper validation of...
7.5CVSS
7.7AI Score
0.0004EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
6.7AI Score
0.0005EPSS
RHEL 9 : libreswan (RHSA-2024:4050)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-1 advisory. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the...
4.4CVSS
9.6AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2180-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2180-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...
6.8AI Score
0.0004EPSS
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
6.9AI Score
0.0004EPSS
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
0.0004EPSS
The Ultimate Guide To Buying A Server For Your Small Business
Purchasing a server might be difficult. This is particularly valid for those making their first purchase. There...
7.3AI Score
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
8.4AI Score
Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...
7.5CVSS
6AI Score
0.001EPSS
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,"...
7.8CVSS
9.1AI Score
0.97EPSS
Warning: New Adware Campaign Targets Meta Quest App Seekers
A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...
7.1AI Score
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
6.5AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
6.5AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
5.4AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
0.001EPSS
CVE-2024-4940 Open Redirect in gradio-app/gradio
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.8AI Score
0.001EPSS
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...
5.3CVSS
5.3AI Score
0.0004EPSS
SUSE SLES15 Security Update : vte (SUSE-SU-2024:2152-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2152-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....
6.8AI Score
0.0004EPSS
ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require...
0.0004EPSS
ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require...
6.5AI Score
0.0004EPSS
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...
7.3AI Score
0.133EPSS
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...
0.133EPSS