Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Voice & Music, Snapdragon Wired Infrastructure And Networking Security Vulnerabilities
7.4AI Score
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...
8.1CVSS
7.7AI Score
EPSS
Oracle Linux 8 : httpd:2.4/httpd (ELSA-2024-4197)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4197 advisory. httpd [2.4.37-65.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65] - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP...
6.8AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
7.5AI Score
6.7AI Score
EPSS
7.5AI Score
7.8CVSS
7.9AI Score
0.0005EPSS
5.9CVSS
7.2AI Score
0.002EPSS
6.7CVSS
7.1AI Score
0.0004EPSS
8.1CVSS
7.4AI Score
0.001EPSS
8.1CVSS
7.1AI Score
0.001EPSS
9CVSS
7.4AI Score
0.087EPSS
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
9.8CVSS
7.3AI Score
0.003EPSS
9.8CVSS
7.2AI Score
0.001EPSS
7.8CVSS
7.1AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)
The remote host is missing an update for the Huawei...
5.3CVSS
5.6AI Score
0.0005EPSS
7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
8.8CVSS
7.1AI Score
0.001EPSS
8.1CVSS
8.2AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.2AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
7.1AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...
6.9AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return...
7AI Score
0.0004EPSS
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai...
6.5CVSS
6.8AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. Notes Author| Note ---|--- | Priority reason: Low...
4.3CVSS
6.5AI Score
0.0004EPSS
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. Notes Author| Note ---|--- alexmurray | Only affectes GitLab...
7.5CVSS
6.6AI Score
0.001EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
6.1AI Score
0.001EPSS
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...
6.1CVSS
6.2AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.6AI Score
0.0004EPSS
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...
6.8AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...
6.8AI Score
0.0004EPSS
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is.....
7AI Score
0.0004EPSS
Debian dla-3851 : gunicorn - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...
7.5CVSS
6.6AI Score
0.0004EPSS
Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-138)
This update provides important security fixes. Vulnerability id: VSTOR-88638 A security fix for CVE-2024-6387. Other security and stability fixes for...
8.1CVSS
8.3AI Score
EPSS
Fedora 40 : libreswan (2024-05a6ab143e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05a6ab143e advisory. Update to 4.15 for CVE-2024-3652 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
7.7AI Score
0.0004EPSS
Debian dla-3853 : tryton-server - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...
6.9AI Score
Siemens Automation License Manager Remote Detection
The Siemens Automation License Manager is running on the remote...
7.4AI Score
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0710)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0710 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an...
6.5CVSS
7.5AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0704)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0704 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially...
8.8CVSS
7.8AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0703)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0703 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and...
8CVSS
7.8AI Score
EPSS
Debian dsa-5724 : openssh-client - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5724 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5724-1 [email protected] ...
8.1CVSS
8.3AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0712)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0712 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
5.4CVSS
6.2AI Score
EPSS