CVE-2024-27149 Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...
7.4CVSS
0.0004EPSS
CVE-2024-27148 Local Privilege Escalation and Remote Code Execution using insecure PATH
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...
7.4CVSS
0.0004EPSS
CVE-2024-27148 Local Privilege Escalation and Remote Code Execution using insecure PATH
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...
7.4CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27147 Local Privilege Escalation and Remote Code Execution using snmpd
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...
7.4CVSS
0.0004EPSS
CVE-2024-27147 Local Privilege Escalation and Remote Code Execution using snmpd
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...
7.4CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27146 Lack of privileges separation
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference...
6.7CVSS
0.0004EPSS
CVE-2024-27146 Lack of privileges separation
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference...
6.7CVSS
7AI Score
0.0004EPSS
CVE-2024-27145 Multiple Post-authenticated Remote Code Execution
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...
9.8CVSS
0.0004EPSS
CVE-2024-27145 Multiple Post-authenticated Remote Code Execution
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...
9.8CVSS
7.3AI Score
0.0004EPSS
CVE-2024-27144 Pre-authenticated Remote Code Execution
The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....
9.8CVSS
0.0004EPSS
CVE-2024-27144 Pre-authenticated Remote Code Execution
The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....
9.8CVSS
7.3AI Score
0.0004EPSS
CVE-2024-27143 Pre-authenticated Remote Code Execution
Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....
9.8CVSS
0.0004EPSS
CVE-2024-27143 Pre-authenticated Remote Code Execution
Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....
9.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-27142 Pre-authenticated XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27142 Pre-authenticated XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
0.0004EPSS
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
0.0004EPSS
A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....
6.3CVSS
0.0004EPSS
A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....
6.3CVSS
6.9AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...
6.5CVSS
7.1AI Score
0.0005EPSS
CVE-2024-5981 itsourcecode Online House Rental System manage_user.php sql injection
A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....
6.3CVSS
7.4AI Score
0.0004EPSS
CVE-2024-5981 itsourcecode Online House Rental System manage_user.php sql injection
A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....
6.3CVSS
0.0004EPSS
Debian dsa-5710 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5710 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5710-1 [email protected] ...
6.7AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8CVSS
8.2AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
9.8CVSS
7.3AI Score
0.002EPSS
Rocky Linux 8 : firefox (RLSA-2024:3783)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3783 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...
7.8AI Score
0.0004EPSS
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
0.0004EPSS
Rocky Linux 8 : kernel (RLSA-2024:3138)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s),...
9.8CVSS
7.7AI Score
EPSS
Rocky Linux 9 : thunderbird (RLSA-2024:2888)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2888 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...
7.8AI Score
0.0004EPSS
Rocky Linux 8 : pcp (RLSA-2024:3264)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3264 advisory. * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019) Tenable has extracted the preceding description block...
8.8CVSS
7.2AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....
7.1AI Score
EPSS
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8CVSS
8.5AI Score
0.0005EPSS
7.2AI Score
0.0004EPSS
AlmaLinux 9 : cockpit (ALSA-2024:3843)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3843 advisory. * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Tenable has extracted the preceding description block directly from the...
7.3CVSS
7.4AI Score
0.0004EPSS
Rocky Linux 8 : cockpit (RLSA-2024:3667)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3667 advisory. * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Tenable has extracted the preceding description block directly from...
7.3CVSS
7.4AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request....
9.8CVSS
8.6AI Score
0.001EPSS
Rejetto HTTP File Server 2.x Remote Code Execution
Rejetto HTTP File Server 2.x, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP...
8.4AI Score
7.4AI Score
0.0004EPSS
How to Exclude Applications from Dashboard & Compliance Reporting
This article provides steps to exclude system namespaces from the Veeam Kasten for Kubernetes dashboard and compliance...
7.1AI Score
Fortinet FortiClient (FG-IR-22-059) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
7.2AI Score
0.0004EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
6.5CVSS
6.8AI Score
0.001EPSS
Fortinet FortiClient (FG-IR-22-044)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-044 advisory. An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0...
7.7CVSS
7.4AI Score
0.0004EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS