TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....
CVSS 7.5
AI Score 7.8
EPSS 0.001
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a...
AI Score 7
Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry
Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and uses it to communicate with the Windows...
AI Score 7.3
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API...
CVSS 4.3
AI Score 4.6
EPSS 0.0004
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API...
CVSS 4.3
AI Score 6.2
EPSS 0.0004
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki...
CVSS 4.3
AI Score 6.1
EPSS 0.0004
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki...
CVSS 4.3
AI Score 4.5
EPSS 0.0004
Are Your SaaS Backups as Secure as Your Production Data?
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could...
AI Score 7
CVE-2023-6502 Uncontrolled Resource Consumption in GitLab
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki...
CVSS 4.3
AI Score 4.5
EPSS 0.0004
CVE-2024-1947 Uncontrolled Resource Consumption in GitLab
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API...
CVSS 4.3
AI Score 4.5
EPSS 0.0004
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web...
CVSS 6.5
AI Score 6.1
EPSS 0.0004
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web...
CVSS 6.5
AI Score 6.4
EPSS 0.0004
CVE-2024-2874 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web...
CVSS 6.5
AI Score 6.3
EPSS 0.0004
RHEL 8 : kernel-rt (RHSA-2024:2950)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
CVSS 9.8
AI Score 7.2
EPSS
RHEL 8 : git-lfs (RHSA-2024:3346)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3346 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git,...
AI Score 7.5
EPSS 0.0004
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific...
AI Score 7.5
EPSS 0.001
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2981 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP,...
CVSS 7.5
AI Score 6.6
EPSS 0.005
RHEL 8 : go-toolset:rhel8 (RHSA-2024:3259)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3259 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
AI Score 7.4
EPSS 0.0004
RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...
CVSS 7.5
AI Score 8.4
EPSS 0.963
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fix(es): * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in...
CVSS 7.5
AI Score 9
EPSS 0.732
RHEL 8 : httpd:2.4 (RHSA-2024:3121)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3121 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_macro:...
CVSS 7.5
AI Score 8.9
EPSS 0.732
RHEL 8 : libX11 (RHSA-2024:2973)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2973 advisory. The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: out-of-bounds memory access in...
CVSS 7.8
AI Score 7
EPSS 0.0004
RHEL 8 : kernel (RHSA-2024:3138)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security...
CVSS 9.8
AI Score 7.2
EPSS
RHEL 8 : bind and dhcp (RHSA-2024:3271)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3271 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....
CVSS 7.5
AI Score 8
EPSS 0.05
RHEL 8 : webkit2gtk3 (RHSA-2024:2982)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2982 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing web...
CVSS 9.8
AI Score 9.1
EPSS 0.017
RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2024:3061)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3061 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): *...
CVSS 7.5
AI Score 7.9
EPSS 0.002
RHEL 8 : python-pillow (RHSA-2024:3005)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3005 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...
CVSS 7.5
AI Score 6.1
EPSS 0.001
RHEL 8 : varnish:6 (RHSA-2024:3305)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3305 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...
AI Score 6.3
EPSS 0.0004
RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2729 advisory. A highly-available key value store for shared configuration Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and...
CVSS 7.5
AI Score 9
EPSS 0.732
RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based...
CVSS 7.5
AI Score 7.9
EPSS 0.001
RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...
CVSS 7.5
AI Score 7.9
EPSS 0.001
Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly...
AI Score 6.2
RHEL 8 : varnish:6 (RHSA-2024:2938)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2938 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...
AI Score 6.3
EPSS 0.0004
Virtuozzo Hybrid Infrastructure 6.1 Update 1 (6.1.1-35)
In this release, Virtuozzo Hybrid Infrastructure enables virtual CPU and RAM overcommitment per node, as well as provides stability and performance improvements, and addresses issues found in previous releases. Vulnerability id: VSTOR-49565 Network errors occur when migrating a VM that was...
AI Score 7.8
AlmaLinux 9 : nodejs (ALSA-2024:2910)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2910 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
CVSS 5.3
AI Score 6.7
EPSS 0.0004
RHEL 9 : nodejs (RHSA-2024:2937)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2937 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...
CVSS 5.3
AI Score 6.8
EPSS 0.0004
RHEL 8 : go-toolset:rhel8 (RHSA-2024:2936)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2936 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http,...
AI Score 6.8
EPSS 0.0004
RHEL 8 : go-toolset:rhel8 (RHSA-2024:2935)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2935 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http,...
AI Score 6.8
EPSS 0.0004
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...
CVSS 5.3
AI Score 5
EPSS 0.0004
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...
CVSS 5.3
AI Score 6.3
EPSS 0.0004
CVE-2024-35194 Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...
CVSS 5.3
AI Score 4.9
EPSS 0.0004
CVE-2024-35194 Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...
CVSS 5.3
AI Score 6.5
EPSS 0.0004
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the.....
CVSS 5.3
AI Score 6.8
EPSS 0.0004
RHEL 8 : httpd:2.4 (RHSA-2024:2907)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2907 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * mod_http2: httpd:...
CVSS 7.5
AI Score 7.9
EPSS 0.005
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:2892)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2892 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http,...
AI Score 6.5
EPSS 0.0004
RHEL 9 : nodejs (RHSA-2024:2910)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2910 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...
CVSS 5.3
AI Score 7.5
EPSS 0.0004
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting.....
CVSS 4.9
AI Score 6.8
EPSS 0.0004
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting.....
CVSS 4.9
AI Score 5.2
EPSS 0.0004
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting.....
CVSS 4.9
AI Score 6.9
EPSS 0.0004
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting.....
CVSS 4.9
AI Score 5.2
EPSS 0.0004