Rocky Linux 8 : webkit2gtk3 (RLSA-2024:2982)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2982 advisory. * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code.....
9.8CVSS
8.7AI Score
0.017EPSS
Rocky Linux 9 : 389-ds-base (RLSA-2024:3837)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause.....
7.5CVSS
7.8AI Score
0.0004EPSS
Rocky Linux 9 : podman (RLSA-2024:3826)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....
4.9CVSS
5.9AI Score
0.0005EPSS
Fedora 40 : cyrus-imapd (2024-f3e0255c75)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f3e0255c75 advisory. - Security fix for CVE-2024-34055 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus.....
6.5CVSS
6.9AI Score
0.0005EPSS
Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...
7.8CVSS
9.5AI Score
0.001EPSS
Rocky Linux 9 : tomcat (RLSA-2024:3307)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3307 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...
7.1AI Score
0.0004EPSS
Rocky Linux 8 : booth (RLSA-2024:3659)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3659 advisory. * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) Tenable has extracted the preceding description block...
7.4CVSS
7.4AI Score
0.001EPSS
Rocky Linux 8 : git-lfs (RLSA-2024:3346)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3346 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...
5.8AI Score
0.0004EPSS
Rocky Linux 8 : xorg-x11-server (RLSA-2024:3258)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3258 advisory. * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in.....
7.8CVSS
8AI Score
0.0005EPSS
AlmaLinux 9 : ruby (ALSA-2024:3838)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...
8.8CVSS
7.8AI Score
EPSS
Rocky Linux 9 : buildah (RLSA-2024:3827)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3827 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * jose-go: improper handling of highly compressed data...
4.9CVSS
5.9AI Score
0.0005EPSS
Rocky Linux 9 : booth (RLSA-2024:3661)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3661 advisory. * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) Tenable has extracted the preceding description block...
7.4CVSS
7.4AI Score
0.001EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Rocky Linux 9 : fence-agents (RLSA-2024:3820)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the Rocky Linux...
5.4CVSS
5.5AI Score
0.0004EPSS
Rocky Linux 8 : libXpm (RLSA-2024:2974)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2974 advisory. * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap...
5.5CVSS
7.5AI Score
0.0004EPSS
Fortinet FortiClient (FG-IR-22-044)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-044 advisory. An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0...
7.7CVSS
7.4AI Score
0.0004EPSS
Rocky Linux 9 : ipa (RLSA-2024:3754)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3754 advisory. * freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698) * freeipa: user can...
8.1CVSS
8.3AI Score
0.0004EPSS
Rocky Linux 9 : nodejs:20 (RLSA-2024:2853)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2853 advisory. * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch()...
5.3CVSS
7.8AI Score
0.0004EPSS
Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3671 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...
9AI Score
EPSS
Rocky Linux 8 : grub2 (RLSA-2024:3184)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3184 advisory. * grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048) * grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...
7.8CVSS
10AI Score
0.001EPSS
Debian dla-3827 : libcolorcorrect5 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...
6.4AI Score
EPSS
Palo Alto GlobalProtect Agent Encrypted Credential Exposure (CVE-2024-5908)
A credential exposure vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices could enable a remote attacker to gain encrypted user credentials, used for connecting to GlobalProtect, from the exposure of application logs. Note that Nessus has not tested for this issue but has.....
7.3AI Score
0.0004EPSS
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...
8.8CVSS
7.5AI Score
0.002EPSS
CData API Server < 23.4.8844, CData Connect < 23.4.8846, CData Arc < 23.4.8839, CData Sync < 23.4.8843 when running using the embedded Jetty server is affected by a vulnerability allowing an unauthenticated attacker to access unauthorized resources via a specially crafted...
7.2AI Score
SUSE SLES15 / openSUSE 15 Security Update : python-scikit-learn (SUSE-SU-2024:2029-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2029-1 advisory. -CVE-2024-5206: Fixed a possible sensitive data leak in TfidfVectorizer. (bsc#1226185) Tenable has extracted the preceding description...
5.3CVSS
6.9AI Score
0.0004EPSS
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) *...
8.8CVSS
7.7AI Score
0.0005EPSS
Fortinet FortiClient (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
AlmaLinux 9 : buildah (ALSA-2024:3827)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3827 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * jose-go: improper handling of highly compressed data...
4.9CVSS
6AI Score
0.0005EPSS
Rocky Linux 8 : traceroute (RLSA-2024:3211)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3211 advisory. * traceroute: improper command line parsing (CVE-2023-46316) Tenable has extracted the preceding description block directly from the Rocky Linux security...
5.5CVSS
9.6AI Score
0.0004EPSS
Fortinet FortiClient (FG-IR-22-235)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0,...
3.3CVSS
6.6AI Score
0.0004EPSS
Rocky Linux 8 : pcs (RLSA-2024:2953)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range...
5.8CVSS
5.8AI Score
0.0004EPSS
tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.5CVSS
5.9AI Score
0.0004EPSS
Rocky Linux 9 : less (RLSA-2024:3513)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3513 advisory. * less: OS command injection (CVE-2024-32487) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note that...
7.5AI Score
0.0004EPSS
aboutmyip.com Cross Site Scripting vulnerability OBB-3934995
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
642weather.com Cross Site Scripting vulnerability OBB-3934994
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
360onhistory.com Cross Site Scripting vulnerability OBB-3934993
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
adhub.com Cross Site Scripting vulnerability OBB-3934992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
adexgroups.com Cross Site Scripting vulnerability OBB-3934990
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
alvanon.com Cross Site Scripting vulnerability OBB-3934989
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
moviebratspictures.com Cross Site Scripting vulnerability OBB-3934986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
hillcountrynews.com Cross Site Scripting vulnerability OBB-3934984
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
secure.pinnion.com Cross Site Scripting vulnerability OBB-3934982
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.5AI Score
0.0004EPSS
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
tangent.com Cross Site Scripting vulnerability OBB-3934981
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
chungmei.net Cross Site Scripting vulnerability OBB-3934980
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
oxfordhmo.co.uk Cross Site Scripting vulnerability OBB-3934977
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
janmitchellproperties.co.uk Cross Site Scripting vulnerability OBB-3934974
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sheffieldstudenthousing.co.uk Cross Site Scripting vulnerability OBB-3934973
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score