Amazon Linux AMI : kernel (ALAS-2019-1145)
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.(CVE-2018-20169) A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition....
6.8CVSS
7AI Score
0.003EPSS
CVE-2021-46911 ch_ktls: Fix kernel panic
In the Linux kernel, the following vulnerability has been resolved: ch_ktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock for the complete skb transmit, to avoid page cleanup if ACK received in...
5.5AI Score
0.0004EPSS
RHEL 7 : kernel-alt (RHSA-2019:0162)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0162 advisory. kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image (CVE-2018-10840) Note that Nessus has not...
6.6CVSS
8AI Score
0.001EPSS
RHEL 7 : kernel-rt (RHSA-2019:0188)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0188 advisory. kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) Note that Nessus has not tested for this issue but has...
8.1CVSS
7.9AI Score
0.012EPSS
Amazon Linux 2 : kernel (ALAS-2020-1480)
The version of kernel installed on the remote host is prior to 4.14.192-147.314. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory. 2024-06-19: CVE-2020-14356 was added to this advisory. The Serial Attached SCSI (SAS) implementation in the Linux...
7.8CVSS
7.5AI Score
0.014EPSS
7.7AI Score
0.0004EPSS
Amazon Linux AMI : kernel (ALAS-2023-1773)
The version of kernel installed on the remote host is prior to 4.14.318-166.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1773 advisory. It was discovered that a nft object or expression could reference a nft set on a different nft table, leading...
7.8CVSS
7.5AI Score
0.01EPSS
Amazon Linux 2 : kernel (ALAS-2023-2100)
The version of kernel installed on the remote host is prior to 4.14.318-240.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2100 advisory. It was discovered that a nft object or expression could reference a nft set on a different nft table, leading...
7.8CVSS
7.8AI Score
0.01EPSS
Oracle Linux 9 : kernel (ELSA-2022-8267)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory. A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local...
7.8CVSS
8.8AI Score
0.01EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2AI Score
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
7.8CVSS
6.8AI Score
0.0004EPSS
Linux SMB3 Kernel Server (KSMBD) Installed (Linux)
Linux SMB3 Kernel Server (KSMBD) was detected on the remote Linux...
1AI Score
CVE-2021-46911 ch_ktls: Fix kernel panic
In the Linux kernel, the following vulnerability has been resolved: ch_ktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock for the complete skb transmit, to avoid page cleanup if ACK received in...
6.7AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALAS-2024-2549)
The version of kernel installed on the remote host is prior to 4.14.343-259.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2549 advisory. 2024-06-19: CVE-2023-46838 was added to this advisory. 2024-06-06: CVE-2023-52486 was added to this advisory. ...
7.8CVSS
7.6AI Score
0.001EPSS
NodeBB XML-RPC Request xmlrpc.php - XML Injection
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...
9.8CVSS
9.9AI Score
0.517EPSS
Rocky Linux 8 : kernel (RLSA-2022:7683)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7683 advisory. An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an...
7.8CVSS
8.5AI Score
0.01EPSS
RHEL 9 : kernel-rt (RHSA-2022:7933)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory. kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) kernel: use-after-free vulnerability in...
7.8CVSS
8.8AI Score
EPSS
Amazon Linux AMI : kernel (ALAS-2019-1149)
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption...
8CVSS
7.5AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALAS-2019-1149)
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption...
8CVSS
7.5AI Score
0.001EPSS
RHEL 9 : kernel (RHSA-2024:3855)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SVM: improper check...
7.8CVSS
7.7AI Score
0.001EPSS
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
CVE-2022-0185-Case-Study This case study is a result of an...
8.4CVSS
8.9AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALAS-2023-2359)
The version of kernel installed on the remote host is prior to 4.14.330-250.540. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2359 advisory. 2024-06-19: CVE-2023-52845 was added to this advisory. A use-after-free flaw was found in vcs_read in...
7.1CVSS
7.7AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALAS-2024-2569)
The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2569 advisory. 2024-06-19: CVE-2022-1011 was added to this advisory. 2024-06-19: CVE-2022-1353 was added to this advisory. ...
7.8CVSS
8.3AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:3810)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...
7.8CVSS
7.6AI Score
EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
7.8CVSS
7.2AI Score
0.0004EPSS
Amazon Linux AMI : kernel (ALAS-2024-1942)
The version of kernel installed on the remote host is prior to 4.14.348-187.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1942 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...
6.5CVSS
8.1AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALAS-2024-2581)
The version of kernel installed on the remote host is prior to 4.14.348-265.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2581 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...
6.5CVSS
8.8AI Score
0.0004EPSS
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has....
6.7AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
TIBCO JasperReports Library - Directory Traversal
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...
6.5CVSS
6.6AI Score
0.503EPSS
RHEL 8 : kernel (RHSA-2024:3859)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SEV-ES / SEV-SNP...
5.6CVSS
8.1AI Score
0.001EPSS
CentOS 7 : kernel (CESA-2019:0512)
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.8CVSS
7.7AI Score
0.001EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions (for debugging) among others. There is a bug where the...
6.8AI Score
0.0004EPSS
WordPress Sell Media 2.4.1 - Cross-Site Scripting
WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...
6.1CVSS
5.9AI Score
0.001EPSS
Oracle Linux 9 : kernel (ELSA-2024-12094)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12094 advisory. An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because...
8.8CVSS
8.3AI Score
0.024EPSS
Oracle Linux 8 : kernel (ELSA-2023-7549)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7549 advisory. Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary...
10CVSS
9AI Score
0.024EPSS
RHEL 8 : kernel-rt (RHSA-2023:7551)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7551 advisory. kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) hw: amd: Cross-Process Information Leak (CVE-2023-20593) Note...
8.8CVSS
8.1AI Score
0.024EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
6AI Score
0.0004EPSS
RHEL 8 : kernel-rt (RHSA-2023:7548)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7548 advisory. kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) kernel: use-after-free due to race...
10CVSS
9AI Score
0.024EPSS
Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...
8.1CVSS
7.3AI Score
0.002EPSS
7.8CVSS
7.2AI Score
0.0004EPSS
7CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
7.1AI Score
0.0004EPSS