Fedora 39 : python-PyMySQL (2024-e7141ab284)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e7141ab284 advisory. Update to 1.1.1 to fix CVE CVE-2024-36039 Tenable has extracted the preceding description block...
6.9AI Score
0.0004EPSS
Fedora 40 : tomcat (2024-c404b99f19)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c404b99f19 advisory. This update includes a rebase from 9.0.83 to 9.0.89. * #2269611 CVE-2024-24549 tomcat:...
7AI Score
0.0004EPSS
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
6.3CVSS
6.3AI Score
0.0005EPSS
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
6.3CVSS
0.0005EPSS
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....
7.2CVSS
0.0005EPSS
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....
7.2CVSS
6.7AI Score
0.0005EPSS
CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....
7.2CVSS
0.0005EPSS
CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....
7.2CVSS
6.7AI Score
0.0005EPSS
CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
6.3CVSS
0.0005EPSS
CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
6.3CVSS
6.9AI Score
0.0005EPSS
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
4.3CVSS
4.4AI Score
0.0004EPSS
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
4.3CVSS
0.0004EPSS
CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
4.3CVSS
0.0004EPSS
CVE-2024-4874 Bricks Builder <= 1.9.8 - Insecure Direct Object Reference
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
4.3CVSS
6.5AI Score
0.0004EPSS
The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.4CVSS
0.001EPSS
The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.001EPSS
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...
7.2CVSS
6.3AI Score
0.0005EPSS
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...
6.1CVSS
0.0005EPSS
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.8AI Score
0.001EPSS
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
5.4CVSS
0.001EPSS
The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
0.001EPSS
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...
7.2CVSS
0.0005EPSS
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
0.001EPSS
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...
6.5CVSS
0.001EPSS
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...
6.5CVSS
6.2AI Score
0.001EPSS
SUSE SLES12 Security Update : vte (SUSE-SU-2024:2151-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2151-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....
6.4AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP4) (SUSE-SU-2024:2160-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2160-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_97 fixes one issue. The following security issue was fixed: - CVE-2024-26852: Fixed use-after-free...
6.6AI Score
0.0004EPSS
GLSA-202406-04 : LZ4: Memory Corruption
The remote host is affected by the vulnerability described in GLSA-202406-04 (LZ4: Memory Corruption) An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an...
9.8CVSS
7.1AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (Live Patch 37 for SLE 15 SP3) (SUSE-SU-2024:2143-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2143-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.4AI Score
0.0004EPSS
Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-174-01)
The version of emacs installed on the remote host is prior to 29.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-174-01 advisory. New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
7.3AI Score
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.8AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 39 for SLE 15 SP3) (SUSE-SU-2024:2145-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2145-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 47 for SLE 15 SP2) (SUSE-SU-2024:2121-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2121-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_188 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
7.8AI Score
0.0005EPSS
GLSA-202406-01 : GLib: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation) A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP3) (SUSE-SU-2024:2139-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2139-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8AI Score
0.0005EPSS
GLSA-202406-03 : RDoc: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202406-03 (RDoc: Remote Code Execution) A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
7.5AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-cryptography (SUSE-SU-2024:2138-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2138-1 advisory. - CVE-2024-26130: Fix a NULL pointer dereference in pkcs12.serialize_key_and_certificates()....
7.5CVSS
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 23 for SLE 15 SP4) (SUSE-SU-2024:2162-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2162-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_108 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
7CVSS
8.3AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:2115-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2115-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_172 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82830965-3073-11ef-a17d-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Azure Identity Libraries...
5.5CVSS
7AI Score
0.0004EPSS
RHEL 6 : quarkus-core (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700) Note that Nessus has...
7CVSS
6.8AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP4) (SUSE-SU-2024:2165-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2165-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_92 fixes one issue. The following security issue was fixed: - CVE-2024-26852: Fixed use-after-free...
7.6AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (Live Patch 56 for SLE 12 SP5) (SUSE-SU-2024:2147-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2147-1 advisory. This update for the Linux Kernel 4.12.14-122_216 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed an...
7.8CVSS
8.2AI Score
0.0005EPSS
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP2) (SUSE-SU-2024:2123-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2123-1 advisory. This update for the Linux Kernel 4.12.14-122_179 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...
7AI Score
0.0004EPSS
RHEL 6 : netty-codec-http (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025) Note that Nessus has not...
5.3CVSS
6.9AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2024:2149-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2149-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_191 fixes one issue. The following security issue was fixed: - CVE-2023-1829: Fixed a use-after-free...
7.8CVSS
7.3AI Score
0.0005EPSS
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...
5.3CVSS
5.3AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2153-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2153-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...
6.4AI Score
0.0004EPSS
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 33 for SLE 15 SP3) (SUSE-SU-2024:2124-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2124-1 advisory. This update for the Linux Kernel 4.12.14-122_162 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...
7.2AI Score
0.0005EPSS