77 matches found
MiracleLinux 8 : thunderbird-140.7.0-1.el8_10.ML.1 (AXSA:2026-240:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-240:03 advisory. firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327); firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885); firefox...
OpenClaw has an unspecified vulnerability (CNVD-2026-13375)
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. It has a security vulnerability: the confirmation dialog box for openclaw://agent deep links displays only the first 240 characters of the message but executes the full message,...
EUVD-2017-5729
Malware in sbrugna...
EUVD-2018-2442
Malware in sbrugna...
HP Intelligent Management SOM Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management SOM Account Creation', 'Description' = %q This module exploits a lack of authentication and access control in HP...
Slackware Linux 15.0 kcron Vulnerability (SSA:2024-240-01)
The version of kcron installed on the remote host is prior to 21.12.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-240-01 advisory. New kcron packages are available for Slackware 15.0 to fix a security issue. Tenable has extracted the preceding description block...
Slackware Linux 15.0 plasma-workspace Vulnerability (SSA:2024-240-02)
The version of plasma-workspace installed on the remote host is prior to 5.23.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-240-02 advisory. New plasma-workspace packages are available for Slackware 15.0 to fix a security issue. Tenable has extracted the preceding...
Dell Wyse Management Suite < 4.1 Multiple Vulnerabilities (DSA-2023-240)
The version of Dell Wyse Management Suite installed on the remote host is prior to 4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2023-240 advisory. - Wyse Management Suite versions prior to 4.1 contain a denial-of-service vulnerability. An authenticated...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-240)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-240 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order,...
Upgraded Q -> 2 from #240 [1686228552856]
Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: L-02
Upgraded Q -> 3 from #240 [1686228527253]
Judge has assessed an item in Issue 240 as 3 risk. The relevant finding follows: L-01
Upgraded Q -> 2 from #240 [1686228586164]
Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: L-04
Upgraded Q -> 2 from #240 [1683052133668]
Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: LOW-11: tokenURI does not follow EIP-721. The EIP states that tokenURI "Throws if tokenId is not a valid NFT", which the code below does not do. If the NFT has not yet been minted, tokenURI should revert. Proof Of Conce...
SUSE CVE-2018-16865
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash...
Amazon Linux 2022 : golist (ALAS2022-2022-240)
The version of golist installed on the remote host is prior to 0.10.1-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-240 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read ...
Ubuntu: Security Advisory (USN-240-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
AutomationDirect DirectLOGIC with Serial Communication
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Serial Communication Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...
Slackware: Security Advisory (SSA:2018-240-01)
The remote host is missing an update for the...
CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February...