V14.12 And Prior) Security Vulnerabilities
Rockwell Studio 5000 Logix Designer < V34 Code Hiding
The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...
7.3AI Score
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)
The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
7.6AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.6AI Score
This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
9.3CVSS
7.5AI Score
7.1AI Score
0.0004EPSS
AlmaLinux 8 : ruby:3.0 (ALSA-2024:3500)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3500 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...
7.7AI Score
Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2024-036)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-036 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive ...
6.9AI Score
Amazon Linux 2 : tigervnc (ALAS-2024-2558)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be...
7.9AI Score
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6804-1 advisory. It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local.....
6.8AI Score
Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload
The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD.....
7.2AI Score
Amazon Linux 2 : kernel (ALAS-2024-2560)
The version of kernel installed on the remote host is prior to 4.14.158-129.185. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2560 advisory. The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in...
6.9AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-068)
The version of kernel installed on the remote host is prior to 5.4.271-184.369. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-068 advisory. In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in ...
7AI Score
Amazon Linux 2 : git (ALAS-2024-2548)
The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...
7.5AI Score
According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...
7.2AI Score
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser....
7.6AI Score
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct...
7.2AI Score
7.1AI Score
0.0004EPSS
7.4AI Score
Amazon Linux 2 : golist (ALAS-2024-2556)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2556 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...
7.1AI Score
TeamCity Server Multiple Vulnerabilities (CVE-2024-36362 / CVE-2024-36365)
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2, prior to 2023.11.5, prior to 2023.5.6, prior to 2022.10.6, prior to 2022.04.7. It is, therefore, affected by multiple vulnerabilities: Path traversal...
7AI Score
Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)
The version of Progress WhatsUp Gold installed on the remote host is prior to 23.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 000255428 advisory. In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's ...
7.1AI Score
Amazon Linux 2 : hsqldb (ALAS-2024-2557)
The version of hsqldb installed on the remote host is prior to 1.8.1.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2557 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script file with a SCRIPT...
6.8AI Score
GNOME Shell < 45.7 Code Execution in Portal Helper (CVE-2024-36472)
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.9AI Score
7.1AI Score
0.001EPSS
Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-011)
The version of python38 installed on the remote host is prior to 3.8.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-011 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13,...
6.4AI Score
Canon imageCLASS MF753Cdw setResource Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper.....
9.8CVSS
7.2AI Score
Contact Form 7 Plugin for WordPress < 5.9.2 Cross-Site Scripting
The WordPress Contact Form 7 Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
6.4AI Score
7.1AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 ...
7.1AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....
7.1AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
7.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
7.1AI Score
0.0004EPSS
7.4AI Score
6.5AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.6AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.8AI Score
Amazon Linux 2 : cni-plugins (ALAS-2024-2555)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2555 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
6.7AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-067)
The version of kernel installed on the remote host is prior to 5.4.273-186.370. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-067 advisory. In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem...
6.9AI Score
Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2550)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300039.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2550 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
7.1AI Score
Apple TV < 17.5 Multiple Vulnerabilities (HT214102)
According to its banner, the version of Apple TV on the remote device is prior to 17.5. It is therefore affected by multiple vulnerabilities as described in the...
7.1AI Score
Fedora 40 : roundcubemail (2024-680b8ba54e)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-680b8ba54e advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...
6.6AI Score
Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2024-040)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-040 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
6.7AI Score
Amazon Linux 2 : golang (ALAS-2024-2554)
The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
7AI Score