InstaWP Connect – 1-click WP Staging & Migration (beta) Security Vulnerabilities
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
0.0004EPSS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
6.9AI Score
0.0004EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
4AI Score
0.0004EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2023-5038 Unauthenticated DoS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
7AI Score
0.0004EPSS
CVE-2023-5038 Unauthenticated DoS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
0.0004EPSS
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
6.7AI Score
0.0004EPSS
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2024-6294 udn News App - Sensitive Information Exposure
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
0.0004EPSS
CVE-2024-6294 udn News App - Sensitive Information Exposure
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
6.8AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: thunderbird-115.12.1-1.fc39
Mozilla Thunderbird is a standalone mail and newsgroup...
7.3AI Score
RHEL 8 : [23.0] Security update for the 23.0 (RPMs) (Low) (RHSA-2024:4081)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4081 advisory. The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container...
3.7CVSS
6.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2024-1847)
The remote host is missing an update for the Huawei...
7.1CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2024-1819)
According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...
7.5CVSS
8AI Score
0.005EPSS
HP PC BIOS Additional Security Update for TOCTOU
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...
7.6AI Score
0.0004EPSS
7.1AI Score
EPSS
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074137...
6.9AI Score
0.0004EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for thunderbird (FEDORA-2024-6de8bb7c1b)
The remote host is missing an update for...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.8AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
EPSS
8.8CVSS
7.5AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1824)
The remote host is missing an update for the Huawei...
6.7CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following splat:.....
6.8AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1841)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
Fedora 39 : libopenmpt (2024-018a95fb38)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-018a95fb38 advisory. Update from 0.7.6 to 0.7.8 for more bug-fixes. https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/ ...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...
7.8CVSS
6.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...
7.8CVSS
7.7AI Score
0.0004EPSS
RHEL 9 : redhat-ds:12 (RHSA-2024:4092)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4092 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access...
7.5CVSS
7.3AI Score
0.0004EPSS
FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....
6.8AI Score
0.0004EPSS
[2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402,...
9CVSS
9.4AI Score
0.002EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-d2b54d5a9d)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.001EPSS
Fedora: Security Advisory for tomcat (FEDORA-2024-c404b99f19)
The remote host is missing an update for...
7.3AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
RHEL 9 : python3.11 (RHSA-2024:4077)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4077 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...
7.8CVSS
6.9AI Score
0.0004EPSS
7.4CVSS
7.8AI Score
0.004EPSS
8.8CVSS
7.5AI Score
0.001EPSS
WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block
Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks. PoC As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into...
5.8AI Score
EulerOS 2.0 SP11 : sssd (EulerOS-SA-2024-1826)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...
7.1CVSS
7.3AI Score
0.0004EPSS
[2.43.5-1] - Update to 2.43.5 - Related: RHEL-36399, RHEL-36411 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36399,...
9CVSS
9.4AI Score
0.002EPSS
Fedora 40 : thunderbird (2024-bf1c613d5a)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bf1c613d5a advisory. Update to 115.12.1 * https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/ * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ ...
7.4AI Score
7.8CVSS
7.5AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1820)
The remote host is missing an update for the Huawei...
5.3CVSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
8CVSS
8.5AI Score
0.0005EPSS
Fedora 39 : python-dns (2024-3b4c7849ab)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3b4c7849ab advisory. Update to 2.6.1 (rhbz#2263657) ---- Fix for CVE-2023-29483 (rhbz#2274685) Tenable has extracted the preceding description block directly from the Fedora...
7AI Score
0.0004EPSS