NVIDIA Jetson AGX Xavier, TX1, TX2, And Nano L4T Security Vulnerabilities
Cisco NX-OS Software CLI Comm Injection (cisco-sa-nxos-cmd-injection-xD9OhyOP)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This...
6CVSS
6.8AI Score
0.0004EPSS
5.5CVSS
7.5AI Score
0.001EPSS
Welotec Industrial Routers OS Command Injection (CVE-2023-1082)
An remote attacker with low privileges can perform a command injection which can lead to root access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
8.8CVSS
7.8AI Score
0.001EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : OpenSSH vulnerability (USN-6859-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6859-1 advisory. It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and...
8.1CVSS
8.3AI Score
0.0005EPSS
Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted...
9.8CVSS
8.4AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0709)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0709 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a...
7.1CVSS
7AI Score
0.0004EPSS
7.4AI Score
RHEL 8 : httpd:2.4/httpd (RHSA-2024:4197)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4197 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd:2.4: httpd: HTTP...
6.9AI Score
0.0004EPSS
7.4AI Score
Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a...
7.3AI Score
0.0004EPSS
7.4AI Score
Siemens Automation License Manager Path Traversal (CVE-2022-43514)
The Siemens Automation License Manager (ALM) running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker could exploit this to upload arbitrary files to any folder on the remote...
9.8CVSS
7.2AI Score
0.014EPSS
A NumPy Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version...
7.4AI Score
GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-08 (GNU Emacs, Org Mode: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
9.8CVSS
7.7AI Score
0.002EPSS
RHEL 8 : libreswan (RHSA-2024:4200)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
Debian dla-3852 : ovmf - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3852 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3852-1 [email protected] ...
6.7CVSS
6.6AI Score
0.0004EPSS
GLSA-202407-04 : Pixman: Heap Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202407-04 (Pixman: Heap Buffer Overflow) A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
8.8CVSS
7.4AI Score
0.003EPSS
GLSA-202407-05 : SSSD: Command Injection
The remote host is affected by the vulnerability described in GLSA-202407-05 (SSSD: Command Injection) A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
8.8CVSS
7.6AI Score
0.001EPSS
6.7AI Score
0.0004EPSS
4.7CVSS
7.1AI Score
0.0004EPSS
8.1CVSS
8.2AI Score
0.0004EPSS
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
0.006EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
4.4CVSS
7.1AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
7.5AI Score
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1861)
The remote host is missing an update for the Huawei...
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)
The remote host is missing an update for the Huawei...
7.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1859)
The remote host is missing an update for the Huawei...
8CVSS
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)
The remote host is missing an update for the Huawei...
8CVSS
8.1AI Score
0.05EPSS
SDL_ttf: Arbitrary Memory Write
Background SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details. Impact SDL_ttf was...
7.8CVSS
7.4AI Score
0.001EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...
6.8AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI...
5.5CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...
6.9AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...
6.5CVSS
6.5AI Score
0.001EPSS
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...
8.1CVSS
8.4AI Score
0.0005EPSS
Oracle Linux 8 : httpd:2.4/httpd (ELSA-2024-4197)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4197 advisory. httpd [2.4.37-65.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65] - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP...
6.8AI Score
0.0004EPSS
7.4AI Score
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8CVSS
7.7AI Score
0.001EPSS