RHEL 4 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: tty hijacking possible in su via TIOCSTI ioctl (CVE-2005-4890) In GNU Coreutils through 8.29,...
7.8CVSS
6.3AI Score
0.001EPSS
RHEL 8 : kernel (RHSA-2020:2667)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2667 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...
7.8CVSS
7.2AI Score
0.001EPSS
WordPress Pingback File Information Disclosure
The version of WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated, remote attacker can leverage this issue to determine the existence of local files and possibly to view...
6.8AI Score
0.004EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
PAN-OS Firewall Exploit Script This script is designed to...
10CVSS
10AI Score
0.957EPSS
(RHSA-2024:2583) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) For more details about the security issue(s), including the impact, a...
7.8AI Score
0.0004EPSS
Comersus Cart Cross-Site Scripting Vulnerability
The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the...
6.1AI Score
0.045EPSS
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
7.8CVSS
8.3AI Score
0.006EPSS
RHEL 8 : linux-firmware (RHSA-2024:2583)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2583 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: intel:...
8.2CVSS
7.3AI Score
0.0004EPSS
RHEL 6 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization ...
7.5CVSS
7.7AI Score
0.002EPSS
Cetil 'logon_senha.asp' Cross Site Scripting Vulnerability
Cetil is prone to a cross-site scripting (XSS)...
6.2AI Score
MailPoet Newsletters for WordPress Arbitrary File Upload
The MailPoet Newsletters plugin for WordPress installed on the remote web server is affected by a file upload vulnerability due to a failure to properly authenticate users. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on the...
7.4AI Score
0.296EPSS
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...
7.8CVSS
7.8AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...
7.5CVSS
7.8AI Score
0.003EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via.....
9.1CVSS
8.5AI Score
0.004EPSS
F5 Networks BIG-IP : Intel BIOS vulnerability (K000137204)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137204 advisory. Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user...
4.4CVSS
4.5AI Score
0.0004EPSS
Sitecom Devices Hard-Coded Credentials (Telnet)
The remote Sitecom Device is using known hard-coded ...
7.5AI Score
Exploit for Path Traversal in Microsoft
Fully Weaponized CVE-2021-40444 Malicious docx generator to...
8.8CVSS
7.8AI Score
0.969EPSS
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information...
5.7CVSS
7.2AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
RHEL 7 : coreutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: Non-privileged session...
6.5CVSS
6.3AI Score
0.018EPSS
Jetty < 9.2.9.v20150224 Shared Buffers Information Leakage Vulnerability - Active Check
Jetty is prone to an information leakage...
7.5CVSS
7.5AI Score
0.953EPSS
Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...
6AI Score
EPSS
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory...
8.6CVSS
8.7AI Score
0.331EPSS
Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution
The version of Moodle on the remote host includes a version of the KSES HTML filtering library that does not safely call 'preg_replace()' in the function 'kses_bad_protocol_once()' in 'lib/kses.php'. An unauthenticated, remote attacker can leverage this issue to inject arbitrary PHP code that will....
7AI Score
EulerOS Virtualization 3.0.6.0 : linux-firmware (EulerOS-SA-2024-1692)
According to the versions of the linux-firmware packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged...
8.2CVSS
8AI Score
0.0005EPSS
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure
The version of Atlassian Crowd installed on the remote host is affected by an XML External Entity (XXE) vulnerability. This vulnerability could allow a remote, unauthenticated attacker to retrieve arbitrary files from the remote host by sending a specially crafted HTTP request with a Document...
9.2AI Score
0.003EPSS
Exploit for Improper Access Control in Papercut Papercut Mf
CVE-2023-27350 The tool is designed specifically for...
9.8CVSS
9.9AI Score
0.97EPSS
Exploit for Improper Access Control in Papercut Papercut Mf
CVE-2023-27350 The tool is designed specifically for...
9.8CVSS
9.9AI Score
0.97EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4CVSS
4.8AI Score
0.0004EPSS
RHEL 8 : linux-firmware (RHSA-2024:0577)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0577 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: intel:...
8.2CVSS
6.5AI Score
0.0004EPSS
ASP Inline Corporate Calendar SQL injection
Multiple SQL injections affect ASP Inline Corporate...
7.4AI Score
0.006EPSS
Microsoft SQL (MSSQL) Server Blank Password (TCP/IP Listener)
The remote Microsoft SQL (MSSQL) Server has the...
7.1AI Score
0.957EPSS
Exploit for Use of Hard-coded Credentials in Dlink Dns-320L Firmware
Dinkleberry 🫐 Are you one of the 92,000+ people1...
7.8AI Score
Expose for Joomla! File Upload RCE
The Expose component for Joomla!, a third-party component for Flash galleries, running on the remote host is affected by a remote code execution vulnerability within the com_expose/uploadimg.php script due to improper sanitization or verification of uploaded files before placing them in a...
8.2AI Score
0.054EPSS
CentOS 6 : thunderbird (CESA-2019:0159)
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
9.8CVSS
9.9AI Score
0.019EPSS
Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information...
5.7CVSS
5.9AI Score
0.0004EPSS
Debian DLA-3102-1 : linux-5.10 - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3102 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...
7.8CVSS
7.9AI Score
0.01EPSS
Debian DSA-5207-1 : linux - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5207 advisory. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions....
7.8CVSS
8AI Score
0.01EPSS
7.4AI Score
CentOS 7 : thunderbird (CESA-2019:0160)
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
9.8CVSS
9.9AI Score
0.019EPSS
RHEL 7 : thunderbird (RHSA-2019:0160)
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
9.8CVSS
9.9AI Score
0.019EPSS
Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.1AI Score
0.0004EPSS
Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.1AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
4.3AI Score
0.0004EPSS
Summary A number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. Vulnerability 1: Bundle mismatch causes invalid verification. Summary A cosign bundle can be crafted to successfully verify a blob...
5.5CVSS
1.4AI Score
0.0004EPSS
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
The remote PHP-Nuke service has a version of the 'Gallery' Add-on that allow attackers to read arbitrary files on this host. Every file that the web server has access to can be read by...
6.9AI Score
0.015EPSS
Amazon Linux 2023 : microcode_ctl (ALAS2023-2023-189)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-189 advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation...
7.5CVSS
6.6AI Score
0.0004EPSS
Siemens WinCC Microsoft SQL (MSSQL) Server Default Credentials (TCP/IP Listener)
The remote Microsoft SQL (MSSQL) Server has Siemens WinCC related default credentials...
7.8CVSS
7.7AI Score
0.001EPSS