Lucene search

K

BIG-IP (AFM, ASM) Security Vulnerabilities

openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

7.5CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
3
f5
f5

K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080

Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...

5.6AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
nessus
nessus

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

9.8CVSS

6.5AI Score

0.969EPSS

2024-06-03 12:00 AM
1
f5
f5

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

7.2CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
nessus
nessus

RHEL 7 : kernel-rt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645) An issue...

7.5CVSS

6.7AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : mcg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet ...

7.5CVSS

10AI Score

0.004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: tomcat writable config files allow privilege escalation (CVE-2016-6325) Apache Tomcat 5.5.0...

7.8CVSS

7.9AI Score

0.154EPSS

2024-06-03 12:00 AM
f5
f5

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

5.9AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 8 : net-snmp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...

6.5CVSS

8.1AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) Apache Tomcat 5.5.0 through...

7.5CVSS

8.1AI Score

0.908EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

9.8CVSS

10AI Score

0.969EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 9 : net-snmp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...

6.5CVSS

7.3AI Score

0.0004EPSS

2024-06-03 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei...

7.3CVSS

6.4AI Score

0.001EPSS

2024-06-03 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

7.3CVSS

7.3AI Score

0.001EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : nagios (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nagios: Configured administrative account with fixed password and no IP restriction as default ...

9.8CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : nasm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: heap-based buffer over-read in do_directive in asm/preproc.c (CVE-2018-19215) nasm: Buffer...

7.8CVSS

8.8AI Score

0.005EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : iproute (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...

4.4CVSS

7.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

7.5CVSS

8.3AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

7.5CVSS

7.8AI Score

0.002EPSS

2024-06-03 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)

The remote host is missing an update for the Huawei...

7.3CVSS

6.4AI Score

0.001EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

7.3CVSS

7.3AI Score

0.001EPSS

2024-06-03 12:00 AM
github
github

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

9.8CVSS

6.2AI Score

EPSS

2024-06-02 10:29 PM
369
osv
osv

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

9.8CVSS

6.2AI Score

EPSS

2024-06-02 10:29 PM
11
githubexploit

8.6CVSS

6.2AI Score

0.945EPSS

2024-06-02 08:16 PM
68
githubexploit

8.6CVSS

6.1AI Score

0.945EPSS

2024-06-02 08:19 AM
61
githubexploit

8.6CVSS

6.1AI Score

0.945EPSS

2024-06-02 08:19 AM
73
fedora
fedora

[SECURITY] Fedora 39 Update: rust-local_ipaddress-0.1.3-8.fc39

Get your local IP address without...

7.1AI Score

2024-06-02 03:39 AM
zdt

10CVSS

6.7AI Score

0.001EPSS

2024-06-02 12:00 AM
11
zdt
zdt

Aquatronica Control System 5.1.6 Password Disclosure Exploit

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....

7.5AI Score

2024-06-02 12:00 AM
9
zdt

7.5CVSS

6.7AI Score

0.013EPSS

2024-06-02 12:00 AM
13
openbugbounty
openbugbounty

ip172.ip-51-255-15.eu Cross Site Scripting vulnerability OBB-3932087

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-01 05:11 AM
6
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-06-01 02:20 AM
69
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added...

7.5CVSS

8.2AI Score

0.005EPSS

2024-06-01 12:00 AM
6
exploitdb

7.5CVSS

7.1AI Score

EPSS

2024-06-01 12:00 AM
79
githubexploit
githubexploit

Exploit for CVE-2024-27348

CVE-2024-27348 **For Ethical Usages only, Any harmful or...

6.7AI Score

0.001EPSS

2024-05-31 08:11 PM
254
githubexploit

8.6CVSS

8.6AI Score

0.945EPSS

2024-05-31 06:14 PM
69
metasploit
metasploit

OS X x64 Shell Bind TCP

Bind an arbitrary command to an arbitrary...

7.5AI Score

2024-05-31 05:21 PM
51
githubexploit

8.6CVSS

5.9AI Score

0.945EPSS

2024-05-31 05:14 PM
128
metasploit
metasploit

OSX aarch64 Shell Reverse TCP

Connect back to attacker and spawn a command...

7.4AI Score

2024-05-31 05:05 PM
52
metasploit
metasploit

OSX aarch64 Execute Command

Execute an arbitrary...

7.5AI Score

2024-05-31 04:51 PM
51
malwarebytes
malwarebytes

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....

7.2AI Score

2024-05-31 04:37 PM
8
veracode
veracode

Server Side Request Forgery (SSRF)

ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...

6.8AI Score

EPSS

2024-05-31 01:34 PM
11
githubexploit

8.6CVSS

6.5AI Score

0.945EPSS

2024-05-31 12:08 PM
53
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
8
githubexploit

8.6CVSS

6.1AI Score

0.945EPSS

2024-05-31 10:18 AM
70
veracode
veracode

IP Address Spoofing

Symfony is vulnerable to IP Address Spoofing The vulnerability is due to the potential manipulation of client IP addresses returned by the Request::getClientIp() method for sensitive decisions. It allows malicious actors to manipulate or spoof their IP...

7AI Score

2024-05-31 05:34 AM
1
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-05-31 01:14 AM
109
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-05-31 01:14 AM
112
exploitdb

7.4AI Score

2024-05-31 12:00 AM
35
nessus
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

7.8CVSS

8.9AI Score

EPSS

2024-05-31 12:00 AM
3
Total number of security vulnerabilities72060