Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such...
7AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...
6.5CVSS
6.5AI Score
0.001EPSS
7.5AI Score
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1861)
The remote host is missing an update for the Huawei...
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)
The remote host is missing an update for the Huawei...
7.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1859)
The remote host is missing an update for the Huawei...
8CVSS
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8CVSS
7.7AI Score
0.001EPSS
GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-08 (GNU Emacs, Org Mode: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
9.8CVSS
7.7AI Score
0.002EPSS
RHEL 8 : libreswan (RHSA-2024:4200)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
Debian dla-3852 : ovmf - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3852 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3852-1 [email protected] ...
6.7CVSS
6.6AI Score
0.0004EPSS
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...
8AI Score
GLSA-202407-04 : Pixman: Heap Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202407-04 (Pixman: Heap Buffer Overflow) A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
8.8CVSS
7.4AI Score
0.003EPSS
GLSA-202407-05 : SSSD: Command Injection
The remote host is affected by the vulnerability described in GLSA-202407-05 (SSSD: Command Injection) A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
8.8CVSS
7.6AI Score
0.001EPSS
A NumPy Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version...
7.4AI Score
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0706)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0706 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...
6.3CVSS
7AI Score
EPSS
OpenSSH: Remote Code Execution
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...
8.1CVSS
8.4AI Score
EPSS
Oracle Linux 9 : openssh (ELSA-2024-12468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12468 advisory. [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 Tenable has...
8.1CVSS
7.9AI Score
EPSS
7.4AI Score
7.4AI Score
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
7.5AI Score
6.7AI Score
EPSS
7.5AI Score
7.8CVSS
7.9AI Score
0.0005EPSS
5.9CVSS
7.2AI Score
0.002EPSS
6.7CVSS
7.1AI Score
0.0004EPSS
8.1CVSS
7.4AI Score
0.001EPSS
8.1CVSS
7.1AI Score
0.001EPSS
9CVSS
7.4AI Score
0.087EPSS
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
9.8CVSS
7.3AI Score
0.003EPSS
9.8CVSS
7.2AI Score
0.001EPSS
7.8CVSS
7.1AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)
The remote host is missing an update for the Huawei...
5.3CVSS
5.6AI Score
0.0005EPSS
7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
8.8CVSS
7.1AI Score
0.001EPSS
8.1CVSS
8.2AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.2AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)
The remote host is missing an update for the Huawei...
6.5CVSS
6.9AI Score
0.003EPSS
7.1AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...
6.9AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.8AI Score
0.0004EPSS