Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.7AI Score
0.002EPSS
8.8AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to handle.....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
7.2AI Score
0.0004EPSS
CVE-2023-52506 LoongArch: Set all reserved memblocks on Node#0 at initialization
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
6.6AI Score
0.0004EPSS
CVE-2023-52506 LoongArch: Set all reserved memblocks on Node#0 at initialization
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node#0 at initialization After commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()") we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [ 0.000000] CPU 0 Unable to handle.....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7.8CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7.8CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7AI Score
0.0004EPSS
CVE-2024-26588 LoongArch: BPF: Prevent out-of-bounds memory access
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era ==...
7.8CVSS
7.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle, jsch (SUSE-SU-2024:0327-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0327-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other ...
5.9CVSS
6.5AI Score
0.963EPSS
5.9CVSS
6.6AI Score
0.963EPSS
9.8CVSS
7.3AI Score
0.966EPSS
9.8CVSS
7.6AI Score
0.966EPSS
9.8CVSS
7.4AI Score
0.966EPSS
9.8CVSS
9.8AI Score
0.966EPSS
pg-rain.de Cross Site Scripting vulnerability OBB-3830482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-479)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-479 advisory. Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams...
5.5CVSS
6.8AI Score
0.0004EPSS
NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0083)
The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655) When setting font with...
8.8CVSS
9.4AI Score
EPSS
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request...
8.8CVSS
8.5AI Score
0.001EPSS
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing...
7.5CVSS
7.5AI Score
0.001EPSS
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary...
8.8CVSS
8.6AI Score
0.001EPSS
pcf-pg-paris.org Cross Site Scripting vulnerability OBB-3792612
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Oracle Linux 8 : ruby:2.5 (ELSA-2023-7025)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7025 advisory. A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...
8.8CVSS
7.7AI Score
0.004EPSS
rubygem-abrt [0.3.0-4] - Execute test suite unconditionally. - Upload correct sources. [0.3.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.3.0-1] - Update to abrt 0.3.0. [0.2.0-2] - Rebuilt...
8.8CVSS
8.2AI Score
0.004EPSS
(RHSA-2023:7025) Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: Buffer overrun in String-to-Float conversion...
6.8AI Score
0.004EPSS
RHEL 8 : ruby:2.5 (RHSA-2023:7025)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory. ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) ruby:...
8.8CVSS
7.9AI Score
0.004EPSS
Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: Buffer overrun in String-to-Float conversion...
8.8CVSS
6.7AI Score
0.004EPSS
pg-bielefeld.de Improper Access Control vulnerability OBB-3780033
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9AI Score
kernel security, bug fix, and enhancement update
[5.14.0-362.8.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32...
8.2CVSS
7.8AI Score
EPSS
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work...
8.8AI Score
EPSS
Rocky Linux 8 : ruby:2.6 (RLSA-2022:0543)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0543 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means...
8.8CVSS
7.8AI Score
0.011EPSS
Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are...
7.5CVSS
7AI Score
0.004EPSS
Rocky Linux 8 : ruby:2.6 (RLSA-2022:5338)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5338 advisory. There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion,...
7.5CVSS
6.8AI Score
0.004EPSS
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...
7.4CVSS
7.9AI Score
0.01EPSS
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0545)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0545 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a...
8.8CVSS
6.6AI Score
0.011EPSS
Rocky Linux 8 : ruby:2.5 (RLSA-2019:1972)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:1972 advisory. An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could...
8.8CVSS
7AI Score
0.003EPSS
Ubuntu 16.04 ESM : uWSGI vulnerability (USN-5054-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5054-2 advisory. Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) Note that Nessus has not tested for this issue but has...
9.8CVSS
6.5AI Score
0.011EPSS
pg-pak.com Cross Site Scripting vulnerability OBB-3763769
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
8.8CVSS
9AI Score
EPSS
8.8CVSS
8.8AI Score
0.002EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5485 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
9.8CVSS
8.2AI Score
0.004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5486 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
9.8CVSS
8.2AI Score
0.004EPSS
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes....
9.4AI Score
0.004EPSS