The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...
8.1CVSS
7.7AI Score
EPSS
Oracle Linux 9 : openssh (ELSA-2024-12468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12468 advisory. [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 Tenable has...
8.1CVSS
7.9AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0706)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0706 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
6.3CVSS
7AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0307
Updates of ['openssh'] packages of Photon OS have been...
9.8CVSS
10AI Score
EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. Bugs ...
6.9AI Score
0.0004EPSS
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai...
6.5CVSS
6.8AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.6AI Score
0.0004EPSS
Debian dla-3851 : gunicorn - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...
7.5CVSS
6.6AI Score
0.0004EPSS
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Debian dla-3853 : tryton-server - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...
6.9AI Score
Siemens Automation License Manager Remote Detection
The Siemens Automation License Manager is running on the remote...
7.4AI Score
Debian dla-3854 : tryton-client - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3854 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3854-1 [email protected] ...
7AI Score
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.2AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0713)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0713 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.2AI Score
EPSS
K000140222: OpenSSH server vulnerability CVE-2024-6387
Security Advisory Description A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler...
8.1CVSS
6.7AI Score
EPSS
7.4AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages openssh - secure shell (SSH) for secure access to remote machines Details It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access...
8.1CVSS
8.5AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0712)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0712 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.2AI Score
EPSS
Debian dsa-5724 : openssh-client - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5724 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5724-1 [email protected] ...
8.1CVSS
8.3AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0710)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0710 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an...
6.5CVSS
7.5AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0704)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0704 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially...
8.8CVSS
7.8AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0703)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0703 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and...
8CVSS
7.8AI Score
EPSS
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can...
3.6CVSS
6.9AI Score
0.0004EPSS
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....
7.1AI Score
0.0004EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...
8.1CVSS
8.5AI Score
EPSS
che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1864)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...
7.1AI Score
0.0005EPSS
Android Automotive OS Update Bulletin—July 2024
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this.....
8.1AI Score
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0714)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0714 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.2AI Score
EPSS
[ASA-202407-1] openssh: authentication bypass
Arch Linux Security Advisory ASA-202407-1 Severity: High Date : 2024-07-01 CVE-ID : CVE-2024-6387 Package : openssh Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-2855 Summary The package openssh before version 9.8p1-1 is vulnerable to authentication...
8.1CVSS
8.1AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0715)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0715 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
7AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0642
Updates of ['openssh'] packages of Photon OS have been...
9.8CVSS
10AI Score
EPSS
RHEL 8 : pki-core (RHSA-2024:4179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4179 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.6AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : eSpeak NG vulnerabilities (USN-6858-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6858-1 advisory. It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could...
5.5CVSS
8.1AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1851)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
9.8CVSS
7.1AI Score
0.001EPSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. Bugs ...
6.3CVSS
7AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.8AI Score
0.0004EPSS