OMRON SOCIAL SOLUTIONS Co.,Ltd. Security Vulnerabilities

cvelist

CVE-2024-31379 WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed. This issue affects Smash Balloon Social Post Feed: from n/a through...

6.7AI Score

0.0004EPSS

2024-04-15 10:21 AM
cvelist

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

7.1AI Score

0.0004EPSS

2024-05-20 09:48 AM
6
nessus

RHEL 9 : LibRaw (RHSA-2024:2137)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2137 advisory. A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash....

6.4AI Score

2024-04-30 12:00 AM
7
cvelist

CVE-2024-1065 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects...

7.2AI Score

0.0004EPSS

2024-04-19 08:51 AM
3
cvelist

CVE-2024-32674

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the...

6AI Score

0.0004EPSS

2024-05-08 03:37 AM
2
hackread

How your business should deal with negative feedback on social media

By Owais Sultan If used correctly, social media can not only provide businesses with a fantastic (generally free) chance to market… This is a post from HackRead.com Read the original post: How your business should deal with negative feedback on social...

7.2AI Score

2024-04-05 04:16 PM
5
cve

CVE-2024-23191

Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-04-08 09:15 AM
59
cve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

7AI Score

0.0004EPSS

2024-05-22 07:15 AM
29
ubuntucve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
cvelist

CVE-2024-32552 WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS. This issue affects Taggbox: from n/a through...

6.4AI Score

0.0004EPSS

2024-04-18 10:20 AM
2
cve

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts....

5.4CVSS

7.3AI Score

0.0004EPSS

2024-04-08 09:15 AM
60
nessus

RHEL 8 : bind and dhcp (RHSA-2024:2721)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2721 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for...

8.3AI Score

2024-05-07 12:00 AM
6
cvelist

CVE-2024-33435

Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...

7.9AI Score

0.0004EPSS

2024-04-29 12:00 AM
5
exploitdb

7.4AI Score

2024-04-12 12:00 AM
91
cvelist

CVE-2024-30545 WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS. This issue affects Social Author Bio: from n/a through...

6.5AI Score

0.0004EPSS

2024-04-15 07:47 AM
3
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

![cve-2024–3094](https://github.com/alokemajumder/alokemajumder/......

9.7AI Score

0.133EPSS

2024-03-30 07:23 PM
127
cve

CVE-2024-30555

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS. This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-03-31 08:15 PM
28
nessus

Modbus/TCP Master OPC Server MODBUS Protocol Response Packet Remote Overflow

The version of the Modbus/TCP Master OPC Server from Automated Solutions installed on the remote host is earlier than 3.0.2 and, as such, reportedly has a buffer overflow vulnerability. If the server can be made to initiate communications with a malicious channel under an attacker's control, this.....

3.7AI Score

2011-04-27 12:00 AM
23
cvelist

CVE-2022-32502

An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before...

7.9AI Score

2024-05-09 07:37 PM
1
nessus

Barco/AWiND WePresent Command Port Detection

By identifying the command port, it was possible to detect that the remote host is a wireless presentation hardware...

1.1AI Score

2019-04-09 12:00 AM
7
nessus

RHEL 9 : gstreamer1-plugins-base (RHSA-2024:2302)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2302 advisory. Heap overwrite in subtitle parsing (CVE-2023-37328) (CVE-2023-37328) Note that Nessus has not tested for this issue but has instead relied only on...

8.6AI Score

2024-04-30 12:00 AM
6
cnvd

SQL Injection Vulnerability in Water Information Management Platform of Shandong Weimicro Technology Co. Ltd (CNVD-2024-14236)

Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. The water information management platform of...

7.5AI Score

2024-02-15 12:00 AM
6
nessus

RHEL 9 : mingw-pixman (RHSA-2024:2525)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2525 advisory. In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer...

9.1AI Score

2024-04-30 12:00 AM
4
nessus

RHEL 9 : file (RHSA-2024:2512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2512 advisory. File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: File is the name of an Open Source project....

5.8AI Score

2024-04-30 12:00 AM
5
nessus

RHEL 9 : traceroute (RHSA-2024:2483)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2483 advisory. In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. (CVE-2023-46316) Note that Nessus...

5.5AI Score

2024-04-30 12:00 AM
8
cvelist

CVE-2022-32508

An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before...

6.6AI Score

2024-05-09 07:49 PM
2
nessus

RHEL 9 : gstreamer1-plugins-good (RHSA-2024:2303)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2303 advisory. Integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) (CVE-2023-37327) Note that Nessus has not tested for this...

7.7AI Score

2024-04-30 12:00 AM
8
cve

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering.....

5.4CVSS

7.3AI Score

0.0004EPSS

2024-04-08 09:15 AM
64
cvelist

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before...

6.6AI Score

2024-05-09 07:30 PM
4
nessus

RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2024:2287)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2287 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474, CVE-2023-40475,...

8.8AI Score

2024-04-30 12:00 AM
2
cvelist

CVE-2022-32505

An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before...

6.6AI Score

2024-05-09 07:51 PM
1
nessus

RHEL 9 : qt5-qtbase (RHSA-2024:2276)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2276 advisory. An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and...

8.9AI Score

2024-04-30 12:00 AM
nessus

RHEL 9 : grafana-pcp (RHSA-2024:2569)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2569 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using...

7.3AI Score

2024-04-30 12:00 AM
nessus

RHEL 9 : buildah (RHSA-2024:2245)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2245 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes...

7.5AI Score

2024-04-30 12:00 AM
6
nessus

RHEL 9 : httpd (RHSA-2024:2278)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2278 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) Note...

7.7AI Score

2024-04-30 12:00 AM
5
nessus

RHEL 9 : pcs (RHSA-2024:2113)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2113 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much...

5.8AI Score

2024-04-30 12:00 AM
4
nessus

RHEL 9 : sssd (RHSA-2024:2571)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2571 advisory. A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...

6.7AI Score

2024-04-30 12:00 AM
3
nessus

RHEL 8 : pcp (RHSA-2024:3323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3323 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

7.5AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

7.1AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : libreswan (RHSA-2024:2081)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2081 advisory. The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured...

6.2AI Score

2024-04-30 12:00 AM
5
cvelist

CVE-2024-34534

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to...

8.2AI Score

0.0004EPSS

2024-05-06 12:00 AM
1
nessus

RHEL 9 : mutt (RHSA-2024:2290)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2290 advisory. Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 (CVE-2023-4874) Null pointer dereference when...

6.3AI Score

2024-04-30 12:00 AM
3
nessus

RHEL 9 : libreswan (RHSA-2024:2565)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2565 advisory. The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured...

6.2AI Score

2024-04-30 12:00 AM
3
nessus

RHEL 9 : mod_http2 (RHSA-2024:2564)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2564 advisory. HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...

6.5AI Score

2024-04-30 12:00 AM
1
nessus

RHEL 9 : python3.11-urllib3 (RHSA-2024:2159)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2159 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...

7.7AI Score

2024-04-30 12:00 AM
6
nessus

RHEL 9 : python-jinja2 (RHSA-2024:2348)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2348 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to...

6.2AI Score

2024-04-30 12:00 AM
2
nessus

RHEL 9 : freeglut (RHSA-2024:2366)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2366 advisory. freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. (CVE-2024-24258) ...

7.7AI Score

2024-04-30 12:00 AM
2
nessus

RHEL 9 : exfatprogs (RHSA-2024:2437)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2437 advisory. exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. (CVE-2023-45897) Note that Nessus has not tested...

5.4AI Score

2024-04-30 12:00 AM
4
Total number of security vulnerabilities: 58827