Cisco IOS XE Software Internet Key Exchange Memory Leak Vulnerability (cisco-sa-20130925-ike)
A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An...
6.7 AI Score
0.001 EPSS
iBill ibillpm.pl Password Generation Weakness
The remote host is running iBill, an internet billing application. Some versions of the 'ibillpm.pl' CGI use a weak password management system that can be brute-forced. ** No flaw was tested. Your script might be a safe...
6.8 AI Score
0.033 EPSS
Cisco IOS XE Software Internet Group Management Protocol Memory Leak (cisco-sa-20180328-igmp)
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality. An unauthenticated, adjacent attacker can exploit this, by sending a large number of IGMP...
7.4 CVSS
7.4 AI Score
0.001 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...
5.9 CVSS
6.6 AI Score
0.001 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4....
7.5 CVSS
6.7 AI Score
0.001 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...
3.7 CVSS
5.8 AI Score
0.001 EPSS
KB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update
The remote Windows host is missing security update 4483235. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5 CVSS
7.8 AI Score
0.047 EPSS
KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update
The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5 CVSS
7.8 AI Score
0.047 EPSS
KB4088879: Windows 8.1 and Windows Server 2012 R2 March 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4088879 or cumulative update 4088876. It is, therefore, affected by multiple vulnerabilities: A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker...
5.6 CVSS
7.9 AI Score
0.976 EPSS
KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update
The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5 CVSS
7.8 AI Score
0.047 EPSS
Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates
The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...
7.5 CVSS
8 AI Score
0.947 EPSS
KB4471322: Windows 8.1 and Windows Server 2012 R2 December 2018 Security Update
The remote Windows host is missing security update 4471322 or cumulative update 4471320. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under...
9.8 CVSS
8.4 AI Score
0.968 EPSS
KB4471328: Windows 7 and Windows Server 2008 R2 December 2018 Security Update
The remote Windows host is missing security update 4471328 or cumulative update 4471318. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...
9.8 CVSS
8.4 AI Score
0.968 EPSS
KB4471326: Windows Server 2012 December 2018 Security Update
The remote Windows host is missing security update 4471326 or cumulative update 4471330. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...
9.8 CVSS
8.4 AI Score
0.968 EPSS
Microsoft Warns of Serious Flaw in Internet Explorer
Microsoft has issued a warning about a significant flaw in the Internet Explorer browser that could allow hackers to control unprotected computers. The vulnerability permits hackers to inject malware into any system by tricking users into visiting malicious websites. This affects anyone using...
7.4 AI Score
Researchers Expose Security Flaw in Internet-Ready HDTVs
Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to.....
7.2 AI Score
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...
3.7 CVSS
5.8 AI Score
0.001 EPSS
RHEL 9 : samba (RHSA-2024:4101)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4101 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
7.5 CVSS
7 AI Score
0.033 EPSS
[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4 AI Score
Windows 7 and Windows Server 2008 R2 December 2017 Security Updates
The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...
7.5 CVSS
8 AI Score
0.947 EPSS
Microsoft SQL Server Resolution Service Amplification Reflected DRDoS
The remote MS SQL Server allows distributed reflection and amplification (DRDoS)...
8.1 AI Score
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)
The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...
9.8 CVSS
8.3 AI Score
0.05 EPSS
[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4 AI Score
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7 CVSS
9.4 AI Score
0.0004 EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.8 CVSS
7.1 AI Score
0.0005 EPSS
[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4 AI Score
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...
5.1 CVSS
6.3 AI Score
0.001 EPSS
Security Updates for Exchange (September 2017)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An...
6.1 CVSS
6 AI Score
0.009 EPSS
Trac Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.7 AI Score
0.005 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
5.3 CVSS
6.3 AI Score
0.002 EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.8 CVSS
7.3 AI Score
0.0005 EPSS
Oracle Linux 7 : bind (ELSA-2019-0194)
From Red Hat Security Advisory 2019:0194: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is....
7.5 CVSS
6.8 AI Score
0.001 EPSS
An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Virtual Network Computing (VNC) is a remote display system which allows...
7.8 CVSS
7.4 AI Score
0.0005 EPSS
Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....
7.5 CVSS
8 AI Score
0.002 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
5.9 CVSS
5.8 AI Score
0.002 EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7 CVSS
9 AI Score
0.0004 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
5.3 CVSS
5 AI Score
0.002 EPSS
Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....
7.5 CVSS
0.002 EPSS
Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....
7.5 CVSS
8.2 AI Score
0.002 EPSS
RHEL 7 : spice (RHSA-2019:0231)
An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.5 CVSS
7.7 AI Score
0.003 EPSS
Directus Lacks Session Tokens Invalidation
Summary: Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by.....
5.4 CVSS
6.8 AI Score
0.0004 EPSS
Synchrologic Email Accelerator User Account Information Disclosure
Synchrologic Email Accelerator is prone to an information disclosure...
7.2 AI Score
Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
The remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt...
9.8 CVSS
8.5 AI Score
0.928 EPSS
KB4471319: Windows Server 2008 December 2018 Security Update
The remote Windows host is missing security update 4471319 or cumulative update 4471325. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under...
9.8 CVSS
8.4 AI Score
0.968 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated....
5.3 CVSS
5.1 AI Score
0.002 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
5.3 CVSS
0.002 EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
5.3 CVSS
0.002 EPSS
internet-boekwinkel.nl Cross Site Scripting vulnerability OBB-3841528
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
5.9 CVSS
5.8 AI Score
0.002 EPSS
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:13985-1)
This update for libxml2 fixes the following issues: Security issue fixed: CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)...
5.5 CVSS
7.2 AI Score
0.03 EPSS