Amazon Linux AMI : kernel (ALAS-2024-1937)
The version of kernel installed on the remote host is prior to 4.14.343-183.564. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1937 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB...
6.3AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
Unbreakable Enterprise kernel security update
[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...
7.6AI Score
0.003EPSS
Openmediavault Remote Code Execution / Local Privilege Escalation Exploit
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse....
7.4AI Score
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
5.7AI Score
0.0004EPSS
PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads
PingRAT secretly passes C2 traffic through firewalls using ICMP payloads. Features: Uses ICMP for Command and Control Undetectable by most AV/EDR solutions Written in Go Installation: Download the binaries or build the binaries and you are ready to go: $ git clone...
7.4AI Score
RHEL 8 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498) ...
8AI Score
RHEL 5 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...
8.3AI Score
RHEL 7 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks. ...
7.5AI Score
RHEL 5 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...
10AI Score
RHEL 7 : net-snmp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: NULL Pointer Exception when handling pv6IpForwarding (CVE-2022-44793) net-snmp provides...
7.4AI Score
RHEL 6 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: XML External Entity in XML...
9.5AI Score
RHEL 5 : open-iscsi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Open-iSCSI: invalid handing of the TCP urgent data pointer (CVE-2020-17437) An issue was discovered in...
8.1AI Score
RHEL 7 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177) python: XML...
8.9AI Score
RHEL 5 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xen: missing descriptor table limit checking in x86 PV emulation leading to privilege escalation ...
8.8AI Score
RHEL 6 : cups (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696) A...
8.6AI Score
RHEL 6 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405) ruby: OpenSSL::X509::Name equality...
9.8AI Score
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.7AI Score
RHEL 6 : tcpdump (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tcpdump: SMB data printing mishandled (CVE-2018-10105) The AH parser in tcpdump before 4.9.0 has a...
7.9AI Score
RHEL 5 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: double-free vulnerability in pp_tokline asm/preproc.c (CVE-2020-24978) In Netwide Assembler (NASM)...
7.8AI Score
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
RHEL 5 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...
8.8AI Score
RHEL 6 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: double-free vulnerability in pp_tokline asm/preproc.c (CVE-2020-24978) In Netwide Assembler (NASM)...
8AI Score
RHEL 7 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: use-after-free in paste_tokens in asm/preproc.c (CVE-2019-8343) nasm: heap buffer overflow in...
8.2AI Score
RHEL 8 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: use-after-free in paste_tokens in asm/preproc.c (CVE-2019-8343) NASM nasm-2.13.03 nasm- 2.14rc15...
7.6AI Score
RHEL 5 : tcpdump (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tcpdump: SMB data printing mishandled (CVE-2018-10105) The AH parser in tcpdump before 4.9.0 has a...
8.1AI Score
RHEL 9 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668) A flaw was found in Open vSwitch...
7.2AI Score
RHEL 6 : iproute (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...
5.1AI Score
RHEL 7 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: arbitrary command execution via VCS path (CVE-2018-7187) golang: Command-line arguments may...
10AI Score
An update is available for unbound. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or...
7.1AI Score
0.0004EPSS
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default...
7.9AI Score
0.0004EPSS
7.3AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at...
7.5AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at...
7.5AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at...
7.5AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at...
7.5AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at...
7.5AI Score