CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of...
5.9CVSS
5.7AI Score
0.0004EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7AI Score
0.0004EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
0.002EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
7.5AI Score
0.001EPSS
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM...
6.8AI Score
0.0004EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7CVSS
6.7AI Score
0.0004EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7CVSS
6.8AI Score
0.0004EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
10AI Score
0.002EPSS
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)
The remote host is missing updates announced in advisory GLSA...
9.8CVSS
8.2AI Score
0.97EPSS
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM...
6.8AI Score
0.0004EPSS
OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
BroadWin WebAccess Version Detection
Detection of BroadWin WebAccess. The script sends a connection request to the server and attempts to extract the version number from the...
7.2AI Score
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.1AI Score
0.001EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
7.5AI Score
0.001EPSS
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the...
6.6AI Score
0.0004EPSS
Report default community names of the SNMP Agent
Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are...
8.1CVSS
7.2AI Score
0.454EPSS
Microsoft Exchange Public Folders Information Leak
Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...
6.3AI Score
0.015EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.7AI Score
0.0004EPSS
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto (ICC) package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which...
7.5CVSS
6.3AI Score
0.001EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5CVSS
7.9AI Score
0.001EPSS
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
7.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....
6.5AI Score
0.0004EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
5.5CVSS
7.3AI Score
0.001EPSS
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...
9.8CVSS
7.2AI Score
0.001EPSS
Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()
Description The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epl_update_listing_coordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...
5.3CVSS
7AI Score
0.0004EPSS
OpenSSL 1.1.1 < 1.1.1d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1d advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
5.3CVSS
5.8AI Score
0.015EPSS
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
7.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5CVSS
7.5AI Score
0.001EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.5AI Score
0.0004EPSS
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5CVSS
6.6AI Score
0.001EPSS
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
4.8CVSS
5.3AI Score
0.0005EPSS
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...
9.8CVSS
9.7AI Score
0.001EPSS
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-372d83d54e)
The remote host is missing an update for...
4.3CVSS
5.1AI Score
0.002EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-da76643229)
The remote host is missing an update for...
5.4CVSS
5.8AI Score
0.002EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-b71cc4df92)
The remote host is missing an update for...
5.4CVSS
5.8AI Score
0.002EPSS
7.1AI Score
0.0004EPSS
RHEL 8 : grafana-pcp (RHSA-2024:1644)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1644 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...
7.5CVSS
7.9AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.5AI Score
0.0004EPSS
DNN (DotNetNuke) < 3.0.12 Multiple XSS
The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script...
6.7AI Score
0.008EPSS
Xinhua San Technology Co., Ltd. is a company that mainly provides research, development, production, sales and service of IT infrastructure products and solutions. A file upload vulnerability exists in the web-based network management system of Xinhua San Technologies Limited, which can be...
7.3AI Score
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
8.3AI Score
0.0004EPSS