Apache Tomcat 8.5.0 < 8.5.28 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.28. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.28_security-8 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...
6.5CVSS
7.4AI Score
0.002EPSS
TimThumb Cache Directory 'src' Parameter Arbitrary PHP File Upload
The version of TimThumb hosted on the remote web server allows an unauthenticated, remote attacker to upload arbitrary PHP files as specified by input to the 'src' parameter and retrieved from third- party sites to its cache directory. It's likely that these files can then be executed by...
9.9AI Score
0.067EPSS
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of....
9.8CVSS
9.4AI Score
0.001EPSS
Apache Tomcat 8.0.0.RC1 < 8.0.50 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.50_security-8 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...
6.5CVSS
7.4AI Score
0.002EPSS
Apache Tomcat 7.0.0 < 7.0.85 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.85. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.85_security-7 advisory. Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0...
6.5CVSS
7.4AI Score
0.002EPSS
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of....
9.8CVSS
9.6AI Score
0.001EPSS
Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: A deserialization vulnerability in...
7.5CVSS
8.5AI Score
0.974EPSS
PHP 5.4.x < 5.4.4 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.4, and as such is potentially affected the following vulnerabilities : An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error can...
7.8AI Score
0.085EPSS
Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities
The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : A design error vulnerability may allow an attacker to gain control of a user's printer. Multiple stack-based buffer overflows may...
9.8CVSS
7.8AI Score
0.972EPSS
CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF...
5.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...
6.6AI Score
0.0004EPSS
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...
9.8CVSS
10AI Score
0.975EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.4AI Score
0.0004EPSS
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a per CPU variable xfd_state to keep the...
7.4AI Score
0.0004EPSS
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one.....
8.6CVSS
7.5AI Score
0.001EPSS
PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected the following vulnerabilities : An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error...
7.8AI Score
0.085EPSS
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers PoC Make a logged in admin open an HTML file...
6.5AI Score
0.0004EPSS
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to...
7.7AI Score
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...
6.5AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat...
6.4AI Score
0.0004EPSS
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
6AI Score
0.0004EPSS
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
5.9AI Score
0.0004EPSS
Veritas NetBackup Improper Access Control (VTS24-004)
The version of Veritas NetBackup installed on the remote host is 9.1.0.1, 10.0, 10.0.0.1, 10.1, 10.1.1, 10.2, 10.2.0.1, 10.3, or 10.3.0.1. It is, therefore, affected by a vulnerability as referenced in the VTS24-004 advisory. A vulnerability was discovered in the Alta Recovery Vault feature of...
6.8CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted ...
6.4AI Score
0.0004EPSS
KB4093122: Windows Server 2012 April 2018 Security Update
The remote Windows host is missing security update 4093122 or cumulative update 4093123. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt...
8.8CVSS
8.6AI Score
0.652EPSS
KB4093115: Windows 8.1 and Windows Server 2012 R2 April 2018 Security Update
The remote Windows host is missing security update 4093115 or cumulative update 4093114. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. ...
8.8CVSS
8.7AI Score
0.652EPSS
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.30398)
The version of AHV installed on the remote host is prior to 20201105.30398. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.30398 advisory. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many ...
9.8CVSS
9.5AI Score
0.035EPSS
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Cr...
4.8CVSS
5.2AI Score
0.001EPSS
openSUSE: Security Advisory for kanidm (openSUSE-SU-2024:0095-1)
The remote host is missing an update for...
7.5AI Score
CVE-2023-52443 apparmor: avoid crash when parsed profile name is empty
In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string ":samba-dcerpcd" is...
6.3AI Score
0.0004EPSS
Run file python3 CVE-2023-52654.py or sudo CVE-2023-52654.py...
7.1AI Score
0.0004EPSS
Ungallery <= 2.2.4 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing the following: Save...
5.5AI Score
0.0004EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1647-1)
The remote host is missing an update for...
7.8CVSS
7.2AI Score
0.0005EPSS
CVE-2024-26747 usb: roles: fix NULL pointer issue when put module's reference
In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the...
6.7AI Score
0.0004EPSS
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack PoC Make an author (or above role) open the following...
5.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
5.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-26924 netfilter: nft_set_pipapo: do not free live element
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X")...
7.6AI Score
0.0004EPSS
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Cr...
4.8CVSS
5.2AI Score
0.001EPSS
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic...
6.2AI Score
EPSS
CVE-2024-26747 usb: roles: fix NULL pointer issue when put module's reference
In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the...
7.7AI Score
0.0004EPSS
CVE-2024-26924 netfilter: nft_set_pipapo: do not free live element
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X")...
6.7AI Score
0.0004EPSS
CVE-2024-36007 mlxsw: spectrum_acl_tcam: Fix warning during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...
6.3AI Score
0.0004EPSS
RHEL 7 : python-django (RHSA-2021:0933)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0933 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much ...
5.9CVSS
6.4AI Score
0.004EPSS
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...
7.5AI Score