DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1970-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1970-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...
6.9AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache2 (SUSE-SU-2024:1963-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1963-1 advisory. - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP...
7.5CVSS
7.7AI Score
0.005EPSS
6.6CVSS
7AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
5.4CVSS
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.9CVSS
8.3AI Score
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.9CVSS
8.3AI Score
0.0004EPSS
CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.9CVSS
0.0004EPSS
CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.9CVSS
6.2AI Score
0.0004EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-22017 DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges...
10CVSS
8.9AI Score
EPSS
Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos/v13
Evmos vulnerable to unauthorized account creation with vesting module in...
7AI Score
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
8AI Score
0.001EPSS
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...
0.0004EPSS
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...
8AI Score
0.0004EPSS
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.http_dataset_source.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an...
10CVSS
6.8AI Score
0.0004EPSS
Linux kernel (ARM laptop) vulnerabilities
Releases Ubuntu 23.10 Packages linux-laptop - Linux kernel for Lenovo X13s ARM laptops Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.7AI Score
0.001EPSS
AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....
6.9AI Score
EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3759 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
7.5AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3758)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3758 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0004EPSS
7.8CVSS
8.7AI Score
0.001EPSS
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...
0.0004EPSS
AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....
7.3AI Score
EPSS
7.4AI Score
EPSS
7.8CVSS
8.7AI Score
0.001EPSS
Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
7.5AI Score
0.001EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3755)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3755 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3775)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0004EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577 - PHP CGI Argument Injection Remote Code...
9.8CVSS
10AI Score
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
9.7AI Score
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7AI Score
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
9.6AI Score
0.932EPSS
CVE-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7.1AI Score
0.932EPSS
CVE-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7.2AI Score
0.932EPSS
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
6.4CVSS
5.7AI Score
0.001EPSS
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
6.4CVSS
0.001EPSS
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
6.4CVSS
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...
7AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...
5.6CVSS
5.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...
5.4CVSS
7.5AI Score
0.0004EPSS
SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....
5.6CVSS
5.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1945-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...
7.8CVSS
7.6AI Score
0.0004EPSS
zfr authentication adapter did not verify validity of tokens
Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...
7.4AI Score
zfr authentication adapter did not verify validity of tokens
Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...
7.4AI Score
linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
8.9AI Score
0.001EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
8.6AI Score
0.001EPSS
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...
7AI Score
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...
7AI Score