Lucene search

Windows Defender On Windows Server, Version 2004 (Server Core Installation) Security Vulnerabilities

ibm

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache Camel (CVE-2024-22371)

Summary Apache Camel is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-22371 DESCRIPTION:...

2.9CVSS

6.1AI Score

0.0004EPSS

2024-07-01 03:02 AM

cvelist

CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the...

4.9CVSS

0.0005EPSS

2024-07-01 02:39 AM

vulnrichment

CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the...

4.9CVSS

7.1AI Score

0.0005EPSS

2024-07-01 02:39 AM

debian

[SECURITY] [DLA 3855-1] pdns-recursor security update

Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...

7.5CVSS

6.9AI Score

0.006EPSS

2024-07-01 01:24 AM

redos

ROS-20240701-01

A vulnerability in the GIMP graphical editor is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code GIMP graphical editor vulnerability is related to a buffer overflow on parsing GIMPP PSD files. Exploitation of the vulnerability could...

7.8CVSS

8AI Score

0.0005EPSS

2024-07-01 12:00 AM

cvelist

CVE-2024-37765

Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings...

EPSS

2024-07-01 12:00 AM

cvelist

CVE-2024-37764

MachForm up to version 19 is affected by an authenticated stored cross-site...

EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DSA-5714-1)

The remote host is missing an update for the...

6.7AI Score

0.0004EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DLA-3845-1)

The remote host is missing an update for the...

7.5CVSS

7.1AI Score

0.001EPSS

2024-07-01 12:00 AM

openvas

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1874)

The remote host is missing an update for the Huawei...

6.8AI Score

0.0004EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DLA-3828-1)

The remote host is missing an update for the...

8.5CVSS

7.1AI Score

0.005EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DLA-3833-1)

The remote host is missing an update for the...

5.3CVSS

5.5AI Score

0.001EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DSA-5717-1)

The remote host is missing an update for the...

5.3CVSS

5.5AI Score

0.001EPSS

2024-07-01 12:00 AM

openvas

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1877)

The remote host is missing an update for the Huawei...

8CVSS

8.1AI Score

0.05EPSS

2024-07-01 12:00 AM

openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1850)

The remote host is missing an update for the Huawei...

7.5CVSS

8.1AI Score

0.05EPSS

2024-07-01 12:00 AM

openvas

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1865)

The remote host is missing an update for the Huawei...

7.5CVSS

8.1AI Score

0.05EPSS

2024-07-01 12:00 AM

openvas

Debian: Security Advisory (DSA-5710-1)

The remote host is missing an update for the...

8.8CVSS

7.4AI Score

0.001EPSS

2024-07-01 12:00 AM

ubuntucve

CVE-2024-4877

[Unknown description] Notes Author| Note ---|--- alexmurray | Is specific to openvpn on Windows so Ubuntu is not...

7AI Score

EPSS

2024-07-01 12:00 AM

ubuntucve

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-07-01 12:00 AM

ubuntucve

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...

7.2AI Score

0.0004EPSS

2024-07-01 12:00 AM

ubuntucve

CVE-2024-39463

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0;...

7AI Score

0.0004EPSS

2024-07-01 12:00 AM

nessus

Fedora 39 : libreswan (2024-07c9cfd337)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07c9cfd337 advisory. Update to 4.15 for CVE-2024-3652 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

7.7AI Score

0.0004EPSS

2024-07-01 12:00 AM

nessus

Debian dla-3855 : pdns-recursor - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3855 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3855-1 [email protected] ...

7.5CVSS

7.3AI Score

0.006EPSS

2024-07-01 12:00 AM

nessus

RHEL 8 : httpd:2.4/httpd (RHSA-2024:4197)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4197 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd:2.4: httpd: HTTP...

6.9AI Score

0.0004EPSS

2024-07-01 12:00 AM

nessus

GLSA-202407-02 : SDL_ttf: Arbitrary Memory Write

The remote host is affected by the vulnerability described in GLSA-202407-02 (SDL_ttf: Arbitrary Memory Write) A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the...

7.8CVSS

7.1AI Score

0.001EPSS

2024-07-01 12:00 AM

nessus

Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0709)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0709 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a...

7.1CVSS

7.2AI Score

EPSS

2024-07-01 12:00 AM

nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : OpenSSH vulnerability (USN-6859-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6859-1 advisory. It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and...

7.7AI Score

2024-07-01 12:00 AM

nessus

Siemens Automation License Manager Path Traversal (CVE-2022-43514)

The Siemens Automation License Manager (ALM) running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker could exploit this to upload arbitrary files to any folder on the remote...

9.8CVSS

7.2AI Score

0.014EPSS

2024-07-01 12:00 AM

nessus

Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0705)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0705 advisory. In Splunk Enterprise versions below 9.0.10, 9.1.5, and 9.2.2, a low-privileged user that does not hold the admin or power...

8.8CVSS

7.8AI Score

EPSS

2024-07-01 12:00 AM

nessus

Cisco NX-OS Software CLI Comm Injection (cisco-sa-nxos-cmd-injection-xD9OhyOP)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This...

6CVSS

7.6AI Score

EPSS

2024-07-01 12:00 AM

nessus

FreeBSD : OpenSSH -- Race condition resulting in potential remote code execution (f1a00122-3797-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f1a00122-3797-11ef-b611-84a93843eb75 advisory. The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on...

8.1AI Score

2024-07-01 12:00 AM

exploitdb

Xhibiter NFT Marketplace 1.10.2 - SQL Injection

...

7.4AI Score

2024-07-01 12:00 AM

nessus

Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted...

9.8CVSS

8.8AI Score

EPSS

2024-07-01 12:00 AM

nessus

Apache 2.4.x < 2.4.60 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2: Serving WebSocket protocol upgrades over a HTTP/2...

7.6AI Score

EPSS

2024-07-01 12:00 AM