GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: flannel, metrics-server, sigstore-scaffolding, gitlab-runner, temporal-ui-server, configmap-reload, influx, opentofu, policy-controller, supercronic, tekton-chains, stakater-reloader, hugo-extended, hubble, prometheus-alertmanager, vault, gitness, temporal,...
7.5AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: flannel, metrics-server, sigstore-scaffolding, gitlab-runner, temporal-ui-server, configmap-reload, influx, opentofu, policy-controller, supercronic, tekton-chains, stakater-reloader, hugo-extended, hubble, prometheus-alertmanager, vault, gitness, temporal,...
6.7AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: vt-cli, sigstore-scaffolding, gitlab-runner, harbor-cli, opentofu, tekton-chains, harbor-scanner-trivy, spqr, render-template, kube-rbac-proxy, aactl, kubeflow-pipelines, nri-mysql, s5cmd, mkcert, wireguard-go, nuclei, kyverno-policy-reporter, minio,...
7AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: vt-cli, sigstore-scaffolding, gitlab-runner, harbor-cli, opentofu, tekton-chains, harbor-scanner-trivy, spqr, render-template, kube-rbac-proxy, aactl, kubeflow-pipelines, nri-mysql, s5cmd, mkcert, wireguard-go, nuclei, kyverno-policy-reporter, minio,...
7.5AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: flux-source-controller, sops, crossplane, flux, terragrunt, actions-runner-controller, melange, zot, falco, policy-controller, pulumi-language-java, tekton-chains, vault, vexctl, gitness, apko, pulumi-language-yaml, boring-registry, pulumi-language-dotnet, aactl,...
7.5AI Score
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3254)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3254 advisory. aardvark-dns buildah [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 ...
7.4AI Score
7AI Score
0.004EPSS
Fedora 39 : python3.6 (2024-18b9c9b9cf)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-18b9c9b9cf advisory. Security fix for CVE-2024-0450 and CVE-2023-6597 Tenable has extracted the preceding description block directly from the Fedora security advisory....
7AI Score
7.2AI Score
0.0005EPSS
7.1AI Score
0.013EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added...
8.1AI Score
SUSE SLES15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1886-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1886-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806) Tenable has extracted...
7AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1882-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1882-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...
7AI Score
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...
7.3AI Score
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...
8AI Score
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-3259)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3259 advisory. delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 ...
7.5AI Score
Fedora 39 : python-jinja2 (2024-ce7649d28e)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ce7649d28e advisory. Update to 3.1.4 (rhbz#2279211,rhbz#2279491) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
7.4AI Score
7.4AI Score
7.2AI Score
0.0004EPSS
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the...
6.8AI Score
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (646cbea8c3285f55f7f26b096cd9a63f91fdf4c4b06370aa92226ea3316bebba) The OpenSSF Package Analysis project identified 'drata' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package communicates...
7.1AI Score
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
6.8AI Score
0.019EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
7.3AI Score
0.019EPSS
Malicious code in numberpy (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e10120613afbbf32d487584c68eaf1ae7f4fc0674f1f119d86beae630a3b9070) The OpenSSF Package Analysis project identified 'numberpy' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
CVE-2024-5436 Type Confusion in Snapchat Lenscore
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or...
8AI Score
Malicious code in reqwestss (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1b49654324e091538657038a1288d05e2879c02d73bec38baeae681b0a26f5b9) The OpenSSF Package Analysis project identified 'reqwestss' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
Intro Simple POC Python script that check & leverage Check...
7.3AI Score
0.019EPSS
Malicious code in pinyin-pra (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9b8720c87d902e268ccf6e9db13f00285998cf35b280a6851ef9c3c23b3f0d6b) The OpenSSF Package Analysis project identified 'pinyin-pra' @ 1.0.3 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...
7AI Score
simplesamlphp/simplesamlphp is vulnerable to Information Disclosure. The vulnerability is due to insufficient access controls on the admin interface endpoint, allowing unauthenticated users to view sensitive information about the host where SimpleSAMLphp is...
6.6AI Score
Heap-buffer-overflow in ubidi_writeReordered_76
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68624 Crash type: Heap-buffer-overflow READ 1 Crash state: ubidi_writeReordered_76...
7.2AI Score
7.1AI Score
0.0005EPSS
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
7.5AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|---...
7.2AI Score
7.4AI Score
AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:3466)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7AI Score
Amazon Linux 2 : unbound (ALASUNBOUND-2024-001)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-001 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...
6.5AI Score
JetBrains TeamCity 0.0.x < 2023.05.6 / 2023.6.x < 2023.11.5 (CVE-2024-36371)
The version of JetBrains TeamCity installed on the remote host is prior to 2023.05.6 or 2023.11.5. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36371 advisory. In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit status publisher was possible ...
6.1AI Score
TeamCity Server < 2023.5.6 XSS Vulnerability
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...
6.4AI Score
TensorFlow < 2.12.0 Multiple Vulnerabilities
The version of TensorFlow installed on the remote host is prior to 2.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.4AI Score
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
8.2AI Score
Rockwell Studio 5000 Logix Designer < V34 Code Hiding
The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...
7.3AI Score
Atlassian Confluence 7.20.x < 8.5.9 Remote Code Execution
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1 It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for these...
8.2AI Score
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)
The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
7.6AI Score
7.1AI Score
0.0004EPSS
AlmaLinux 8 : ruby:3.0 (ALSA-2024:3500)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3500 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...
7.7AI Score
Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2024-036)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-036 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive ...
6.9AI Score
Amazon Linux 2 : tigervnc (ALAS-2024-2558)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be...
7.9AI Score