CVE-2022-2879 affecting package golang 1.17.13-2
CVE-2022-2879 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-21541 affecting package openjdk8 1.8.0.332-2
CVE-2022-21541 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.9CVSS
9.9AI Score
0.001EPSS
CVE-2022-41725 affecting package golang 1.17.13-2
CVE-2022-41725 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
10AI Score
0.001EPSS
CVE-2023-0286 affecting package cloud-hypervisor 22.0-2
CVE-2023-0286 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
7.4CVSS
8.4AI Score
0.003EPSS
CVE-2023-21830 affecting package openjdk8 1.8.0.332-2
CVE-2023-21830 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2023-21843 affecting package openjdk8 1.8.0.332-2
CVE-2023-21843 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.9AI Score
0.001EPSS
CVE-2022-21619 affecting package openjdk8 1.8.0.332-2
CVE-2022-21619 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.1AI Score
0.002EPSS
CVE-2022-38126 affecting package binutils 2.36.1-2
CVE-2022-38126 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-2880 affecting package golang 1.17.13-2
CVE-2022-2880 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.002EPSS
CVE-2022-4304 affecting package cloud-hypervisor 22.0-2
CVE-2022-4304 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
5.9CVSS
8.4AI Score
0.002EPSS
CVE-2022-38128 affecting package binutils 2.36.1-2
CVE-2022-38128 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2021-34141 affecting package numpy 1.16.6-2
CVE-2021-34141 affecting package numpy 1.16.6-2. This CVE either no longer is or was never...
5.3CVSS
9.8AI Score
0.001EPSS
CVE-2022-21540 affecting package openjdk8 1.8.0.332-2
CVE-2022-21540 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
9.9AI Score
0.001EPSS
CVE-2022-4450 affecting package cloud-hypervisor 22.0-2
CVE-2022-4450 affecting package cloud-hypervisor 22.0-2. This CVE either no longer is or was never...
7.5CVSS
9AI Score
0.001EPSS
CVE-2022-21624 affecting package openjdk8 1.8.0.332-2
CVE-2022-21624 affecting package openjdk8 1.8.0.332-2. No patch is available...
3.7CVSS
6.1AI Score
0.002EPSS
CVE-2022-38127 affecting package binutils 2.36.1-2
CVE-2022-38127 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
7.5AI Score
EPSS
CVE-2022-27664 affecting package golang 1.17.13-2
CVE-2022-27664 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9AI Score
0.002EPSS
CVE-2021-41495 affecting package numpy 1.16.6-2
CVE-2021-41495 affecting package numpy 1.16.6-2. No patch is available...
5.3CVSS
9.9AI Score
0.001EPSS
CVE-2020-8563 affecting package kubernetes-1.18.19 1.18.19-2
CVE-2020-8563 affecting package kubernetes-1.18.19 1.18.19-2. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2. A patched version of the package is...
7.5CVSS
9.1AI Score
0.003EPSS
CVE-2022-41722 affecting package golang 1.17.13-2
CVE-2022-41722 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
8.7AI Score
0.001EPSS
CVE-2022-41724 affecting package golang 1.17.13-2
CVE-2022-41724 affecting package golang 1.17.13-2. No patch is available...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2022-43410 affecting package mercurial 5.4-2
CVE-2022-43410 affecting package mercurial 5.4-2. No patch is available...
5.3CVSS
7.5AI Score
0.001EPSS
CVE-2022-21626 affecting package openjdk8 1.8.0.332-2
CVE-2022-21626 affecting package openjdk8 1.8.0.332-2. No patch is available...
5.3CVSS
6.1AI Score
0.002EPSS
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
CVE-2023-48795 affecting package nmap for versions less than 7.93-2
CVE-2023-48795 affecting package nmap for versions less than 7.93-2. A patched version of the package is...
5.9CVSS
6.2AI Score
0.963EPSS
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2
CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...
9.8CVSS
9.9AI Score
0.001EPSS
CVE-2024-3123 CHANGING Mobile One Time Password - Arbitrary File Upload
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system...
7.2CVSS
7.3AI Score
EPSS
CVE-2024-3123 CHANGING Mobile One Time Password - Arbitrary File Upload
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system...
7.2CVSS
EPSS
CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the...
4.9CVSS
EPSS
CVE-2024-3122 CHANGING Mobile One Time Password - Arbitrary File Reading
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the...
4.9CVSS
7.2AI Score
EPSS
Exploit for Improper Preservation of Permissions in Mobyproject Moby
CVE-2021-41091 This exploit offers an in-depth look at the...
7.9AI Score
Fedora 40 : mingw-poppler (2024-94068499c9)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94068499c9 advisory. Backport fix for CVE-2024-6239. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
7.5CVSS
7.6AI Score
0.0005EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246-mitigation This project is a Maven-based...
9.8CVSS
7.2AI Score
0.973EPSS
FreeBSD : electron29 -- multiple vulnerabilities (0e73964d-053a-481a-bf1c-202948d68484)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0e73964d-053a-481a-bf1c-202948d68484 advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
8.8CVSS
7.6AI Score
0.001EPSS
FreeBSD : frr - Multiple vulnerabilities (07f0ea8c-356a-11ef-ac6d-a0423f48a938)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 07f0ea8c-356a-11ef-ac6d-a0423f48a938 advisory. [email protected] reports: In FRRouting (FRR) through 9.1, there are multiples vulnerabilities. ...
7.6AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.038EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.7AI Score
0.0004EPSS
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
6.5AI Score
0.0004EPSS
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
6.6AI Score
0.0004EPSS
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version...
6.5CVSS
0.0004EPSS
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....
4.3CVSS
6.8AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...
9.8CVSS
9AI Score
0.005EPSS
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...
7.5AI Score
0.0004EPSS
CVE-2023-52890 affecting package ntfs-3g for versions less than 2022.10.3-2
CVE-2023-52890 affecting package ntfs-3g for versions less than 2022.10.3-2. A patched version of the package is...
7AI Score
0.0004EPSS