(RHSA-2024:3497) Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) edk2: Buffer...
7.4AI Score
0.001EPSS
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the...
6.8AI Score
0.0004EPSS
Sensitive Information Disclosure
github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object...
6.7AI Score
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8AI Score
Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the sort query parameter in the GetAllEvents function, allowing for SQL injection through stacked queries and the ATTACH DATABASE...
7.8AI Score
Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the order query parameter in the GetMeshSyncResourcesKinds function, allowing for SQL injection through stacked queries and the ATTACH DATABASE...
7.8AI Score
Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine...
7.2AI Score
0.0004EPSS
Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine...
7AI Score
0.0004EPSS
7AI Score
0.0004EPSS
7AI Score
0.0004EPSS
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file...
7.2AI Score
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file...
7.2AI Score
Symfony has unsafe methods in the Request class
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not...
6.7AI Score
Symfony has unsafe methods in the Request class
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not...
7.1AI Score
Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....
6.8AI Score
Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....
7.2AI Score
Symfony2 security issue when the trust proxy mode is enabled
An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control. To fix this security issue, the following changes have been made to all versions of Symfony2: A new Request::setTrustedProxies()...
7.1AI Score
Symfony2 security issue when the trust proxy mode is enabled
An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control. To fix this security issue, the following changes have been made to all versions of Symfony2: A new Request::setTrustedProxies()...
7.1AI Score
7.4AI Score
0.001EPSS
SUSE SLES15 Security Update : gdk-pixbuf (SUSE-SU-2024:1842-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1842-1 advisory. - CVE-2022-48622: Fixed files rejection with multiple anih chunks (bsc#1219276). Tenable has extracted the preceding description block...
6.6AI Score
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : PostgreSQL vulnerability (USN-6802-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6802-1 advisory. Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An...
6.9AI Score
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1722)
The remote host is missing an update for the Huawei...
7.1AI Score
0.006EPSS
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
7.4AI Score
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1781)
The remote host is missing an update for the Huawei...
7.1AI Score
0.266EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-1758)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash...
8.2AI Score
Google Chrome < 125.0.6422.141 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 125.0.6422.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory. Heap buffer overflow in WebRTC. (CVE-2024-5493) Use after free in...
8.4AI Score
6.7AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:0461-2)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0461-2 advisory. - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). Tenable has extracted the preceding description block...
7AI Score
Oracle Linux 8 : grafana (ELSA-2024-3265)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3265 advisory. [9.2.10-16] - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313 - fix CVE-2024-1394 Tenable has extracted the preceding description...
7.3AI Score
Veritas NetBackup Improper Access Control (VTS24-004)
The version of Veritas NetBackup installed on the remote host is 9.1.0.1, 10.0, 10.0.0.1, 10.1, 10.1.1, 10.2, 10.2.0.1, 10.3, or 10.3.0.1. It is, therefore, affected by a vulnerability as referenced in the VTS24-004 advisory. A vulnerability was discovered in the Alta Recovery Vault feature of...
6.8AI Score
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1764)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...
7.7AI Score
Oracle Linux 9 : less (ELSA-2024-3513)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3513 advisory. [590-4] - Fix CVE-2024-32487 - Resolves: RHEL-33773 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note.....
6.3AI Score
EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1742)
According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
7.8AI Score
6.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1743)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1753)
The remote host is missing an update for the Huawei...
7.1AI Score
0.008EPSS
Oracle Linux 8 : git-lfs (ELSA-2024-3346)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...
7AI Score
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1741)
The remote host is missing an update for the Huawei...
6.8AI Score
0.003EPSS
7.5AI Score
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1733)
The remote host is missing an update for the Huawei...
7.1AI Score
0.006EPSS
FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...
6.4AI Score
Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with...
7AI Score
EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)
According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
7.8AI Score
EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...
7.5AI Score
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1741)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...
7.7AI Score
Oracle Linux 8 : glibc (ELSA-2024-3269)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <[email protected]> Tenable has extracted the...
6.3AI Score
Oracle Linux 8 : .NET / 8.0 (ELSA-2024-3345)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3345 advisory. [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35316 Tenable has extracted...
7.5AI Score
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS