Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1772)
The remote host is missing an update for the Huawei...
6.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...
6.8AI Score
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.9AI Score
EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...
7.5AI Score
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2024:1845-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1845-1 advisory. Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470): - CVE-2023-38264: Fixed Object Request Broker (ORB) denial of...
8AI Score
EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1763)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...
7.7AI Score
Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with...
7AI Score
EulerOS 2.0 SP12 : sudo (EulerOS-SA-2024-1755)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based...
7.6AI Score
Oracle Linux 8 : glibc (ELSA-2024-3269)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <[email protected]> Tenable has extracted the...
6.3AI Score
SUSE SLES15 / openSUSE 15 Security Update : warewulf4 (SUSE-SU-2024:1838-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1838-1 advisory. - fixed wwctl configure --all doesn't configure ssh (bsc#1225402) - update to 4.5.2 with following changes: * Reorder dnsmasq config to...
6.5AI Score
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1772)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is...
6.8AI Score
AlmaLinux 9 : less (ALSA-2024:3513)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3513 advisory. * less: OS command injection (CVE-2024-32487) Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus.....
7.5AI Score
AlmaLinux 9 : nghttp2 (ALSA-2024:3501)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3501 advisory. * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...
6.8AI Score
EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)
According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
7.8AI Score
EulerOS 2.0 SP12 : curl (EulerOS-SA-2024-1760)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...
7.2AI Score
RHEL 8 : gdisk (RHSA-2024:3486)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...
7.2AI Score
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1836-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1836-1 advisory. - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream,...
6.9AI Score
openSUSE 15 Security Update : libredwg (openSUSE-SU-2024:0147-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0147-1 advisory. Update to tag 0.12.5.6924: - CVE-2023-26157: Fixed out-of-bound read involving section->num_pages in decode_r2007.c (boo#1218473) Tenable has extracted....
7.1AI Score
Fedora 39 : chromium (2024-151b368efb)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-151b368efb advisory. update to 125.0.6422.112 * High CVE-2024-5274: Type Confusion in V8 Tenable has extracted the preceding description block directly from the Fedora...
6.5AI Score
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1741)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...
7.7AI Score
EulerOS 2.0 SP12 : ncurses (EulerOS-SA-2024-1768)
According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.(CVE-2023-45918) NCurse v6.4-20230418 was discovered to...
7.2AI Score
Oracle Linux 8 : .NET / 8.0 (ELSA-2024-3345)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3345 advisory. [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35316 Tenable has extracted...
7.5AI Score
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6803-1 advisory. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An.....
8.3AI Score
Fedora 40 : thunderbird (2024-7ade906120)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7ade906120 advisory. Update to 115.11.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/ *...
7.7AI Score
6.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1724)
The remote host is missing an update for the Huawei...
7.1AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)
The remote host is missing an update for the Huawei...
7.1AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1713)
The remote host is missing an update for the Huawei...
7.1AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1723)
The remote host is missing an update for the Huawei...
7.1AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1721)
The remote host is missing an update for the Huawei...
7.1AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1734)
The remote host is missing an update for the Huawei...
7AI Score
0.003EPSS
6.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1714)
The remote host is missing an update for the Huawei...
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757)
The remote host is missing an update for the Huawei...
6.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1780)
The remote host is missing an update for the Huawei...
6.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1744)
The remote host is missing an update for the Huawei...
6.8AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1736)
The remote host is missing an update for the Huawei...
6.9AI Score
0.001EPSS
Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...
7.5AI Score
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1758)
The remote host is missing an update for the Huawei...
7.1AI Score
0.266EPSS
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared....
7AI Score
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....
7AI Score
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)
The remote host is missing an update for the Huawei...
7AI Score
0.962EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
8.4AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1830-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1830-1 advisory. - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). Tenable has...
7AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : PyMySQL vulnerability (USN-6801-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6801-1 advisory. It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform...
8AI Score
RHEL 8 : ruby:3.0 (RHSA-2024:3500)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
7.3AI Score