Linux Distros Unpatched Vulnerability : CVE-2015-4037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of...

CVE-2024-11407 Denial of Service through Data corruption in gRPC-C++

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network...

ROS-20241021-01

A vulnerability in the XML toolkit for Ruby REXML is related to parsing XML containing a large number of characters. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service The Ruby REXML XML toolkit vulnerability is related to parsing XML containing a...

ROS-20241002-01

A vulnerability in the btsdioremove function of the drivers\bluetooth\btsdio.c module of the Bluetooth driver of the kernel of the of the Linux operating system is related to the reuse of previously freed memory due to the state of the race. Exploitation of the vulnerability could allow an attack...

ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

RHEL 6 : audiofile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert CVE-2018-17095 -...

RHEL 5 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

RHEL 5 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: command injection via crafted configuration file CVE-2020-1931 - A denial of service...

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVE-2024-4140

An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts...

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Binding to an Unrestricted IP Address (CVE-2023-5398)

Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

CVE-2023-52349

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

Default credentials

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

Amazon Linux 2 : yasm (ALASGRAPHICSMAGICK1.3-2023-002)

The version of yasm installed on the remote host is prior to 1.2.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2GRAPHICSMAGICK1.3-2023-002 advisory. Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the...

CVE-2024-21651 XWiki Denial of Service attack through attachments

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...

Stack overflow

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-34389 Allocation of resources without limits could lead to denial of service

An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more...

Security Update for Microsoft .NET 7 Core (October 2023)

The version of Microsoft .NET 7 Core installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023Oct10 advisory. - A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with...

Ubuntu: Security Advisory (USN-6364-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : qemu (ELSA-2018-4285)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4285 advisory. - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28763782 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug:...