58858 matches found
Security Updates for Microsoft Visual Studio Products (June 2024)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2024-29060, CVE-2024-29187 - A remote code execution...
KB5039212: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (June 2024)
The remote Windows host is missing security update 5039212. It is, therefore, affected by multiple vulnerabilities - Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability CVE-2024-30097 - Windows Remote Access Connection Manager Information Disclosure...
FreeBSD : Composer -- Multiple command injections via malicious git/hg branch names (5f608c68-276c-11ef-8caa-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f608c68-276c-11ef-8caa-0897988a1c07 advisory. Composer project reports: The status, reinstall and remove commands with packages installed fr...
SUSE SLED15: libblkid-devel / libblkid-devel-32bit / libblkid-devel-static / etc (SUSE-SU-2024:1943-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1943-1 advisory. - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover...
KB5039217: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2024)
The remote Windows host is missing security update 5039217. It is, therefore, affected by multiple vulnerabilities - Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability CVE-2024-30097 - Windows Remote Access Connection Manager Information Disclosure...
Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281...
KB5039266: Windows Server 2008 Security Update (June 2024)
The remote Windows host is missing security update 5039266. It is, therefore, affected by multiple vulnerabilities - Microsoft Message Queuing MSMQ Remote Code Execution Vulnerability CVE-2024-30080 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability CVE-2024-3007...
KB5039274: Windows Server 2008 R2 Security Update (June 2024)
The remote Windows host is missing security update 5039274. It is, therefore, affected by multiple vulnerabilities - Microsoft Message Queuing MSMQ Remote Code Execution Vulnerability CVE-2024-30080 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability CVE-2024-3007...
Google Chrome < 126.0.6478.56 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 202406stable-channel-update-for-desktop advisory. - Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a...
Chef Infra Client Installed (Windows)
Binary data chefinfraclientwininstalled.nbin...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : MySQL vulnerabilities (USN-6823-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6823-1 advisory. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issue...
Hirschmann HiOS Switches Heap-based Buffer Overflow (CVE-2019-12257)
DHCP packets may go past the local area network LAN via DHCP-relays, but are otherwise confined to the LAN. The DHCP-client may be used by VxWorks and in the bootrom. Bootrom, using DHCP/BOOTP, is only vulnerable during the boot-process. This vulnerability may be used to overwrite the heap, which...
AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...
PHP 8.3.x < 8.3.8 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...
Chef Infra Client Installed (Unix)
Binary data chefinfraclientnixinstalled.nbin...
CentOS 7 : glibc (RHSA-2024:3588)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. - The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings ...
Digest Authentication Bruteforced
The scanner successfully authenticated on the target web application by using weak credentials in the request digest authentication HTTP header. No source data...
Fedora 40 : galera / mariadb10.11 (2024-6ea93e629b)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-6ea93e629b advisory. MariaDB 10.11.8 & Galera 26.4.18 Release notes: https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2024-637)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-637 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 ghostpdl-10.03.1NOTE:...
Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255)
An attacker can either hijack an existing TCP-session and inject bad TCP-segments or establish a new TCP-session on any TCP-port listened to by the target. This vulnerability could lead to a buffer overflow of up to a full TCP receive-window by default, 10k-64k depending on version. The buffer...