In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...
6.9AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.8AI Score
0.0004EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
6.1AI Score
0.001EPSS
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...
6.1CVSS
6.2AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...
6.8AI Score
0.0004EPSS
Debian dla-3851 : gunicorn - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...
7.5CVSS
6.6AI Score
0.0004EPSS
Debian dla-3854 : tryton-client - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3854 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3854-1 [email protected] ...
7AI Score
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms...
EPSS
Fedora 40 : libreswan (2024-05a6ab143e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05a6ab143e advisory. Update to 4.15 for CVE-2024-3652 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
7.7AI Score
0.0004EPSS
K000140222: OpenSSH server vulnerability CVE-2024-6387
Security Advisory Description A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler...
8.1CVSS
6.7AI Score
EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
7.1AI Score
0.0004EPSS
Debian dla-3853 : tryton-server - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...
6.9AI Score
Siemens Automation License Manager Remote Detection
The Siemens Automation License Manager is running on the remote...
7.4AI Score
7.1AI Score
0.0004EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0713)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0713 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.4AI Score
EPSS
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1875)
The remote host is missing an update for the Huawei...
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1868)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1852)
The remote host is missing an update for the Huawei...
7.8CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1864)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
6.7AI Score
EPSS
7.8CVSS
8.9AI Score
EPSS
6.5CVSS
7.1AI Score
0.0005EPSS
7.1AI Score
0.0004EPSS
7AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
8.1CVSS
6.8AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1866)
The remote host is missing an update for the Huawei...
7.8CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
Fedora 39 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2024-919bc7e512)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-919bc7e512 advisory. Update to gstreamer-1.22.9. ---- Backport fix for CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora...
7.8CVSS
7.4AI Score
0.0005EPSS
A scikit-learn Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version...
7.4AI Score
GLSA-202407-06 : cryptography: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-06 (cryptography: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
9.1CVSS
7.8AI Score
0.008EPSS
GLSA-202407-03 : Liferea: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202407-03 (Liferea: Remote Code Execution) A vulnerability has been discovered in Liferea. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the...
9.8CVSS
7.5AI Score
0.003EPSS
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...
6.8AI Score
0.0004EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...
8.1CVSS
8.5AI Score
EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit-value in...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...
6.8AI Score
0.0004EPSS
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can...
3.6CVSS
6.9AI Score
0.0004EPSS
A Horovod Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version...
7.4AI Score
7.1AI Score
0.0004EPSS
7.4AI Score
Android Automotive OS Update Bulletin—July 2024
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this.....
8.1AI Score
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0714)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0714 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.2AI Score
EPSS
7AI Score
0.0004EPSS
7AI Score
0.0004EPSS
GLSA-202407-01 : Zsh: Prompt Expansion Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-01 (Zsh: Prompt Expansion Vulnerability) Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
7.8CVSS
7.4AI Score
0.001EPSS