7.4AI Score
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...
6.9AI Score
0.0004EPSS
7.4AI Score
Debian dla-3851 : gunicorn - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...
7.5CVSS
6.6AI Score
0.0004EPSS
Debian dla-3853 : tryton-server - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...
6.9AI Score
Fedora 40 : libreswan (2024-05a6ab143e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05a6ab143e advisory. Update to 4.15 for CVE-2024-3652 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
7.7AI Score
0.0004EPSS
Debian dla-3854 : tryton-client - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3854 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3854-1 [email protected] ...
7AI Score
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1864)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
7.8CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...
6.8AI Score
0.0004EPSS
Fedora 39 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2024-919bc7e512)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-919bc7e512 advisory. Update to gstreamer-1.22.9. ---- Backport fix for CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora...
7.8CVSS
7.4AI Score
0.0005EPSS
7.4AI Score
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1851)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1873)
The remote host is missing an update for the Huawei...
8CVSS
8.2AI Score
0.0004EPSS
RHEL 8 : pki-core (RHSA-2024:4179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4179 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.6AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : eSpeak NG vulnerabilities (USN-6858-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6858-1 advisory. It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could...
5.5CVSS
8.1AI Score
0.001EPSS
8.1CVSS
8.4AI Score
EPSS
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
7.5AI Score
0.0004EPSS
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
0.0004EPSS
CVE-2024-34703 Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
5.8AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.4CVSS
5.1AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...
5.4CVSS
5.3AI Score
0.0004EPSS
CVE-2023-50964 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28794 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2023-50953 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2023-50952 IBM InfoSphere Information Server server-side request forgery
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
0.0004EPSS
CVE-2024-31898 IBM InfoSphere Information Server data modification
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
4.9AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
6.2AI Score
0.0004EPSS