9.8CVSS
7.4AI Score
0.005EPSS
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...
0.0004EPSS
5.5CVSS
7.4AI Score
0.002EPSS
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...
6.8CVSS
7AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8CVSS
8.2AI Score
0.0004EPSS
SUSE SLES12 Security Update : php8 (SUSE-SU-2024:2027-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2027-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the...
5.3CVSS
9.5AI Score
0.001EPSS
AlmaLinux 9 : podman (ALSA-2024:3826)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....
4.9CVSS
5.9AI Score
0.0005EPSS
7.4AI Score
Apple TV < 15.5 Multiple Vulnerabilities (HT213254)
According to its banner, the version of Apple TV on the remote device is prior to 15.5. It is therefore affected by multiple vulnerabilities as described in the...
9.8CVSS
9AI Score
0.016EPSS
7.1AI Score
0.0004EPSS
7.4AI Score
Rocky Linux 8 : idm:DL1 (RLSA-2024:3044)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3044 advisory. * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) Tenable has extracted the preceding description block directly...
5.3CVSS
6.8AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
According to its banner, the version of Apple TV on the remote device is prior to 16.3. It is therefore affected by multiple vulnerabilities as described in the...
8.8CVSS
7.1AI Score
0.007EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
9.8CVSS
7.4AI Score
0.919EPSS
Rocky Linux 8 : gstreamer1-plugins-good (RLSA-2024:3089)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3089 advisory. * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) Tenable has extracted the preceding...
7.6CVSS
7.2AI Score
0.0005EPSS
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....
8.6CVSS
6AI Score
0.002EPSS
7.4AI Score
Rocky Linux 9 : podman (RLSA-2024:3826)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....
4.9CVSS
5.9AI Score
0.0005EPSS
Rocky Linux 8 : idm:DL1 (RLSA-2024:3755)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3755 advisory. * CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * CVE-2024-3183 freeipa:...
8.1CVSS
8.3AI Score
0.0004EPSS
Rocky Linux 8 : exempi (RLSA-2024:3066)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp...
6.5CVSS
7.3AI Score
0.001EPSS
Rocky Linux 8 : LibRaw (RLSA-2024:2994)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2994 advisory. * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) Tenable has extracted the preceding...
7.8CVSS
7.5AI Score
0.001EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:3466)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7.8CVSS
7.3AI Score
EPSS
AlmaLinux 9 : gdk-pixbuf2 (ALSA-2024:3834)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3834 advisory. * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) Tenable has extracted the preceding description block directly from the AlmaLinux security...
7.8CVSS
7.9AI Score
0.001EPSS
Rocky Linux 8 : pki-core:10.6 and pki-deps:10.6 (RLSA-2024:3061)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3061 advisory. * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from...
7.5CVSS
7.2AI Score
0.002EPSS
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) Tenable has extracted the preceding description block directly from the.....
6.2CVSS
9.4AI Score
0.001EPSS
6.7AI Score
EPSS
Rocky Linux 9 : less (RLSA-2024:3513)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3513 advisory. * less: OS command injection (CVE-2024-32487) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note that...
7.5AI Score
0.0004EPSS
Rocky Linux 9 : nodejs:20 (RLSA-2024:2853)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2853 advisory. * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch()...
5.3CVSS
7.8AI Score
0.0004EPSS
Debian dla-3827 : libcolorcorrect5 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...
6.4AI Score
EPSS
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) *...
8.8CVSS
7.7AI Score
0.0005EPSS
5.5CVSS
7.4AI Score
0.002EPSS
CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of...
5.5CVSS
5.5AI Score
0.0004EPSS
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data...
7.8CVSS
7.8AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data...
7.8CVSS
7.5AI Score
0.0004EPSS
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
6AI Score
0.0004EPSS
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
5.9AI Score
0.0004EPSS
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
6.3AI Score
0.0004EPSS
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
6.3AI Score
0.0004EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7AI Score
0.0004EPSS