Desktop & Server Management (DSM) Security Vulnerabilities
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
0.0004EPSS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
6.9AI Score
0.0004EPSS
CVE-2023-5038 Unauthenticated DoS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
7AI Score
0.0004EPSS
CVE-2023-5038 Unauthenticated DoS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
0.0004EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1849)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1829)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
9.8AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1829)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
8.8CVSS
7.5AI Score
0.002EPSS
EulerOS 2.0 SP11 : glusterfs (EulerOS-SA-2024-1833)
According to the versions of the glusterfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use- after-free.(CVE-2022-48340) Tenable...
7.5CVSS
7.8AI Score
0.001EPSS
About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 This document describes the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. About Apple security updates For our...
6.9AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
RHEL 9 : redhat-ds:12 (RHSA-2024:4092)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4092 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access...
7.5CVSS
7.3AI Score
0.0004EPSS
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 XSS (7158662)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7158662 advisory. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
4.8CVSS
5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2024-1812)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1808)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1846)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do...
6.8AI Score
EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1821)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the register_vfs() function (hw/pci/pcie_sriov.c) of the QEMU hardware emulator is related to a buffer...
6.5CVSS
6.8AI Score
0.001EPSS
RHEL 7 : kpatch-patch (RHSA-2024:4073)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4073 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...
7.8CVSS
8AI Score
0.002EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1828)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
7.8CVSS
7.5AI Score
0.005EPSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-1836)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...
7.5CVSS
8AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2024-1833)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.001EPSS
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1825)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do...
6.8AI Score
EPSS
Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...
8.4CVSS
7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-1815)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...
7.5CVSS
6.9AI Score
0.005EPSS
Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html...
6.3AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1828)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
7.3CVSS
7.5AI Score
0.003EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.2AI Score
0.005EPSS
RHEL 9 : samba (RHSA-2024:4101)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4101 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
7.5CVSS
7AI Score
0.033EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4084 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
9CVSS
7.2AI Score
0.002EPSS
Oracle Linux 9 : git (ELSA-2024-4083)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4083 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402, RHEL-36414 Tenable has extracted...
9CVSS
7.5AI Score
0.002EPSS
Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html...
0.0004EPSS
EulerOS 2.0 SP11 : glusterfs (EulerOS-SA-2024-1812)
According to the versions of the glusterfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use- after-free.(CVE-2022-48340) Tenable...
7.5CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.005EPSS
This Week in Spring - June 25th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in...
7.1AI Score
Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....
7.2CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1849)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages ansible - Configuration management, deployment, and task execution system Details It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an...
7.8CVSS
7.7AI Score
0.002EPSS
Oracle Linux 9 : python3.9 (ELSA-2024-4078)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4078 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
7.8CVSS
7.3AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1846)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
Oracle Linux 8 : git (ELSA-2024-4084)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4084 advisory. [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36399, RHEL-36411 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36399, RHEL-36411 Tenable has extracted...
9CVSS
7.3AI Score
0.002EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.002EPSS
7.5AI Score
0.0004EPSS