58858 matches found
OpenSSL 0.9.7 < 0.9.7a Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7a. It is, therefore, affected by a vulnerability as referenced in the 0.9.7a advisory. - ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher...
OpenSSL 0.9.8 < 0.9.8q Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8q. It is, therefore, affected by a vulnerability as referenced in the 0.9.8q advisory. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification o...
OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
Exploit for Improper Initialization in Linux Linux_Kernel
Dirty Pipe (image)
Node.js Modules Installed (Windows)
Binary data nodejsmoduleswininstalled.nbin...
Progress Telerik Report Server Installed (Windows)
Binary data progresstelerikreportserverwininstalled.nbin...
FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...
RHEL 8 : nghttp2 (RHSA-2024:3701)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3701 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS...
Oracle Linux 8 : tomcat (ELSA-2024-3666)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3666 advisory. - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Tenable has extracted the preceding...
PHP 8.3.x < 8.3.8 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly...
Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6815-1 advisory. Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote...
Oracle Linux 9 : kernel (ELSA-2024-3619)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3619 advisory. - ipv6: sr: fix possible use-after-free and null-ptr-deref Hangbin Liu RHEL-33968 RHEL-31732 CVE-2024-26735 Tenable has extracted the preceding...
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: minify, terragrunt, wolfictl, kube-bench, postgres-operator-fips, coredns, neuvector-scanner, nri-consul, atlantis, secrets-store-csi-driver-provider-azure, helm-fips, http-echo, osv-scanner, kwok, bom, buf, doppler-kubernetes-operator, stern, node-feature-discovery,...
Progress Telerik Report Server Authentication Bypass
Progress Telerik Report Server version prior to 2024 Q1 10.0.24.305 is vulnerable to authentication bypass and an insecure deserialization, allowing an unauthenticated attacker to execute code remotely via a specially forged request. No source data...
Unrestricted File Upload
Unrestricted file upload vulnerability occurs when the application suffers from a lack of validation of files being uploaded to its filesystem. When an attacker is able to upload files not matching the application expectations in terms of names, type, content or size, it could lead to various...
Concrete CMS Login Panel Detected
Concrete CMS Login Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No source...
Concrete CMS Debug Mode Enabled
Concrete CMS installed on the remote host is configured to operate in debug mode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...
Progress Telerik Report Server Authentication Bypass (CVE-2024-4358) (Direct Check)
Binary data telerikreportservercve-2024-4358.nbin...
openSUSE 15: libmariadbd104-devel / mariadb104 / mariadb104-bench / etc (SUSE-SU-2024:1922-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1922-1 advisory. - Update to 10.4.33: - CVE-2023-22084: Fixed a bug that allowed high privileged attackers with network access via multiple protocols to compromise the server...