Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms Security Vulnerabilities
7.4AI Score
[8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves...
8.1CVSS
8.2AI Score
EPSS
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8CVSS
7.7AI Score
0.001EPSS
GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-08 (GNU Emacs, Org Mode: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
9.8CVSS
7.7AI Score
0.002EPSS
RHEL 8 : libreswan (RHSA-2024:4200)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
Debian dla-3852 : ovmf - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3852 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3852-1 [email protected] ...
6.7CVSS
6.6AI Score
0.0004EPSS
OpenSSH -- Race condition resulting in potential remote code execution
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...
8.1CVSS
8.5AI Score
EPSS
GLSA-202407-04 : Pixman: Heap Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202407-04 (Pixman: Heap Buffer Overflow) A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
8.8CVSS
7.4AI Score
0.003EPSS
GLSA-202407-05 : SSSD: Command Injection
The remote host is affected by the vulnerability described in GLSA-202407-05 (SSSD: Command Injection) A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
8.8CVSS
7.6AI Score
0.001EPSS
6.7AI Score
0.0004EPSS
4.7CVSS
7.1AI Score
0.0004EPSS
8.1CVSS
8.2AI Score
0.0004EPSS
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
0.006EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
4.4CVSS
7.1AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
7.5AI Score
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1861)
The remote host is missing an update for the Huawei...
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)
The remote host is missing an update for the Huawei...
7.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1859)
The remote host is missing an update for the Huawei...
8CVSS
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)
The remote host is missing an update for the Huawei...
8CVSS
8.1AI Score
0.05EPSS
SDL_ttf: Arbitrary Memory Write
Background SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications. Description A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details. Impact SDL_ttf was...
7.8CVSS
7.4AI Score
0.001EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
7AI Score
0.0004EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head.....
7.1AI Score
0.0004EPSS
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. Bugs ...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...
6.8AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
6.7AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI...
5.5CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such...
7AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...
6.5CVSS
6.5AI Score
0.001EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
5.3CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.8AI Score
0.001EPSS
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php...
EPSS
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...
8.1CVSS
8.4AI Score
EPSS
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...
8.1CVSS
7.7AI Score
EPSS
Oracle Linux 9 : openssh (ELSA-2024-12468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12468 advisory. [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 Tenable has...
8.1CVSS
7.9AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0706)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0706 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
6.3CVSS
7AI Score
EPSS