AR3200; NGFW Module Security Vulnerabilities

nessus

EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2024-1685)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can...

8.4 AI Score

2024-05-17 12:00 AM
2
openvas

Ubuntu: Security Advisory (USN-6777-1)

The remote host is missing an update for...

7.9 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
5
openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1672)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.002 EPSS

2024-05-17 12:00 AM
3
ubuntucve

CVE-2024-27406

In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 # Subtest: iov_iter # module: kunit_iov_iter 1..9...

6.6 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
4
ubuntucve

CVE-2024-27411

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. This is likely not as big an issue on systems where the...

6.4 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
7
nessus

EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2024-1663)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) An XML External Entity (XXE) issue was...

7.6 AI Score

2024-05-17 12:00 AM
1
nessus

EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2024-1672)

According to the versions of the kernel package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and...

8.2 AI Score

2024-05-17 12:00 AM
nessus

EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2024-1697)

According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) An XML External Entity (XXE) issue was...

7.7 AI Score

2024-05-17 12:00 AM
nessus

EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2024-1665)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets...

7.5 AI Score

2024-05-17 12:00 AM
2
nessus

EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2024-1698)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity...

7.6 AI Score

2024-05-17 12:00 AM
1
ubuntucve

CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel...

6.5 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
1
nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139641 advisory. In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and...

6.6 AI Score

2024-05-17 12:00 AM
1
openvas

Ubuntu: Security Advisory (USN-6778-1)

The remote host is missing an update for...

5.9 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
5
openvas

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1704)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.002 EPSS

2024-05-17 12:00 AM
1
nessus

EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2024-1694)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

8.3 AI Score

2024-05-17 12:00 AM
1
openvas

Ubuntu: Security Advisory (USN-6775-1)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
4
openvas

Ubuntu: Security Advisory (USN-6776-1)

The remote host is missing an update for...

6.6 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2024-1697)

The remote host is missing an update for the Huawei...

7 AI Score

0.001 EPSS

2024-05-17 12:00 AM
3
openvas

Ubuntu: Security Advisory (USN-6774-1)

The remote host is missing an update for...

7 AI Score

0.0005 EPSS

2024-05-17 12:00 AM
13
nessus

EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2024-1682)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed,...

7.4 AI Score

2024-05-17 12:00 AM
1
nessus

Spreadsheet::ParseExcel RCE (CVE-2023-7101)

According to its self-reported version number, the Spreadsheet::ParseExcel perl module is vulnerable to a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to...

8.1 AI Score

2024-05-17 12:00 AM
1
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1694)

The remote host is missing an update for the Huawei...

7 AI Score

0.962 EPSS

2024-05-17 12:00 AM
3
openvas

Mageia: Security Advisory (MGASA-2024-0180)

The remote host is missing an update for...

6.6 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
3
ubuntucve

CVE-2024-35859

In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbed already, hence module reference should be released if bdev_may_open() failed. This problem is.....

6.8 AI Score

0.0004 EPSS

2024-05-17 12:00 AM
openvas

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1698)

The remote host is missing an update for the Huawei...

9.5 AI Score

0.001 EPSS

2024-05-17 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.001 EPSS

2024-05-17 12:00 AM
1
cve

CVE-2024-22382

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

7.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-16 09:16 PM
31
cve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-16 09:16 PM
29
debiancve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6.3 AI Score

0.0004 EPSS

2024-05-16 09:16 PM
4
alpinelinux

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9 AI Score

0.0004 EPSS

2024-05-16 09:15 PM
4
debiancve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.8 AI Score

0.0004 EPSS

2024-05-16 09:15 PM
6
cve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-16 09:15 PM
32
osv

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.8 AI Score

0.0004 EPSS

2024-05-16 09:15 PM
3
cvelist

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6.2 AI Score

0.0004 EPSS

2024-05-16 08:47 PM
7
cvelist

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.8 AI Score

0.0004 EPSS

2024-05-16 08:47 PM
5
cvelist

CVE-2024-22382

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

7.7 AI Score

0.0004 EPSS

2024-05-16 08:46 PM
3
ibm

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information (CVE-2024-28849,...

9.8 AI Score

0.019 EPSS

2024-05-16 08:23 PM
5
paloalto

Impact of TunnelVision Vulnerability

The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...

6.3 AI Score

0.0005 EPSS

2024-05-16 04:00 PM
9
ics

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

8 AI Score

0.0004 EPSS

2024-05-16 12:00 PM
6
ics

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...

6.6 AI Score

0.0004 EPSS

2024-05-16 12:00 PM
13
redhat

(RHSA-2024:2891) Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...

7.5 AI Score

0.72 EPSS

2024-05-16 11:37 AM
3
cve

CVE-2024-3750

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

8.8 CVSS

7.8 AI Score

0.001 EPSS

2024-05-16 03:15 AM
25
nessus

F5 Networks BIG-IP : Expat vulnerability (K000139637)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139637 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers...

7.2 AI Score

2024-05-16 12:00 AM
2
nessus

RHEL 8 : httpd:2.4 (RHSA-2024:2891)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2891 advisory. mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) httpd: CONTINUATION frames DoS...

7.6 AI Score

2024-05-16 12:00 AM
1
nessus

F5 Networks BIG-IP : Expat vulnerability (K000139630)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139630 advisory. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required...

7.4 AI Score

2024-05-16 12:00 AM
3
nessus

F5 Networks BIG-IP : The BIG-IP system may fail to block HTTP Request Smuggling attacks (K000132430)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132430 advisory. The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to ...

7.4 AI Score

2024-05-16 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2024-1663)

The remote host is missing an update for the Huawei...

7.2 AI Score

0.001 EPSS

2024-05-16 12:00 AM
3
nessus

F5 Networks BIG-IP : BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure (K000138898)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138898 advisory. BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack ...

7.4 AI Score

2024-05-16 12:00 AM
nessus

F5 Networks BIG-IP : BIG-IP HTTP non-RFC-compliant security exposure (K11342432)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 15.1.7 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K11342432 advisory. This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a...

7.3 AI Score

2024-05-16 12:00 AM
1
f5

K000139643: Node-tar vulnerability CVE-2024-28863

Security Advisory Description node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash...

6 AI Score

0.0004 EPSS

2024-05-16 12:00 AM
6
Total number of security vulnerabilities: 93477