WordPress Slider Plugin – WP 1 Slider Security Vulnerabilities
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this....
7.5AI Score
0.0004EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5CVSS
6.7AI Score
0.001EPSS
9.8CVSS
7.1AI Score
0.007EPSS
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer...
0.0004EPSS
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...
0.0004EPSS
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write...
0.0004EPSS
Fedora 40 : moodle (2024-020937763e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-020937763e advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
7.7AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0305
Updates of ['linux-rt', 'linux'] packages of Photon OS have been...
9.8CVSS
9.6AI Score
0.001EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....
5.9CVSS
6.9AI Score
0.0004EPSS
6.5CVSS
7.2AI Score
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...
7.5CVSS
7AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Wget vulnerability (USN-6852-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6852-2 advisory. USN-6852-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original...
7AI Score
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons ...
6.6AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-508d03d0c7)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are...
3.7CVSS
4.6AI Score
0.0004EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158058)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158058 advisory. IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...
6.5CVSS
6.3AI Score
0.0004EPSS
6.7AI Score
EPSS
RHEL 8 : pki-core (RHSA-2024:4164)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4164 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.7AI Score
0.0004EPSS
Fedora 40 : freeipa (2024-2a466c6514)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2a466c6514 advisory. Fix CVE-2024-2698 and CVE-2024-3183 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
8.1CVSS
8.5AI Score
0.0005EPSS
Fedora 39 : moodle (2024-9df8ef935b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9df8ef935b advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
7.3AI Score
0.0004EPSS
GitLab 16.7 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3959)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private...
6.5CVSS
6.6AI Score
0.001EPSS
GitLab 16.10 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5430)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a...
6.8CVSS
6.7AI Score
0.0005EPSS
GitLab 15.8 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5655)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an...
9.6CVSS
6.6AI Score
0.001EPSS
7.4AI Score
EPSS
7.3CVSS
7.3AI Score
0.001EPSS
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...
9.6CVSS
8.8AI Score
0.003EPSS
GitLab 16.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3115)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...
4.3CVSS
4.9AI Score
0.0004EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158059 advisory. IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...
6.5CVSS
6.3AI Score
0.0004EPSS
GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private...
7.5CVSS
7.5AI Score
0.001EPSS
RHEL 8 : OpenShift Container Platform 4.12.60 (RHSA-2024:4008)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4008 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
8.1CVSS
8.3AI Score
0.0004EPSS
Fedora 39 : firefox (2024-a61be271bb)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a61be271bb advisory. - New upstream version (127.0.2) ---- - New upstream version (127.0) Tenable has extracted the preceding description block directly from the Fedora...
7.4AI Score
RHEL 7 : java-1.8.0-ibm (RHSA-2024:4160)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * IBM JDK: Object...
5.9CVSS
6.7AI Score
0.0004EPSS
Fedora 39 : chromium (2024-508d03d0c7)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-508d03d0c7 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...
7.2AI Score
0.0004EPSS
Fedora 40 : chromium (2024-0c02698648)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0c02698648 advisory. update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use...
7.2AI Score
0.0004EPSS
Fedora: Security Advisory for firefox (FEDORA-2024-a61be271bb)
The remote host is missing an update for...
7.5AI Score
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...
8.5AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-6857-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6857-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to...
8.6CVSS
9.6AI Score
0.019EPSS
OpenSSL Buffer Overread Vulnerability (20240627) - Linux
OpenSSL is prone to a buffer overread...
6.6AI Score
0.0004EPSS
Debian dla-3845 : dlt-daemon - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3845 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3845-1 [email protected] ...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the virtual console and pasting it into the command buffer, from which the command can be run after exiting the Flatpak application. Exploitation of the vulnerability...
10CVSS
6.9AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.001EPSS
GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2191)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge...
5.3CVSS
5.5AI Score
0.0005EPSS
Debian dla-3842 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3842 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3842-1 [email protected] ...
8CVSS
9.2AI Score
0.0005EPSS
RHEL 9 : pki-core (RHSA-2024:4165)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4165 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.8AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-0c02698648)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for openvpn (FEDORA-2024-b611e122fb)
The remote host is missing an update for...
7.2AI Score
EPSS
6.8AI Score
0.0004EPSS
RHEL 8 : python3 (RHSA-2024:4166)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4166 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...
7.8CVSS
7.7AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...
7.8AI Score
0.0004EPSS
Debian dla-3843 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3843 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3843-1 [email protected] ...
7.8CVSS
9.5AI Score
0.0005EPSS