FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...
7.7 AI Score
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1629)
The remote host is missing an update for the Huawei...
7.1 AI Score
0.962 EPSS
F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000138636)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138636 advisory. A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP ...
7.2 AI Score
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000138912)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138912 advisory. When an SSL profile with alert timeout is configured with a non-default value on a virtual...
5.8 AI Score
EulerOS Virtualization 2.11.1 : python-paramiko (EulerOS-SA-2024-1616)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows...
7.8 AI Score
EulerOS Virtualization 2.11.0 : python-paramiko (EulerOS-SA-2024-1635)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows...
7.8 AI Score
Oracle Linux 9 : nodejs:18 (ELSA-2024-2779)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2779 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
6.9 AI Score
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)
The remote host is missing an update for the Huawei...
7.1 AI Score
0.962 EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1610)
The remote host is missing an update for the Huawei...
7.1 AI Score
0.962 EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e79cc4e2-12d7-11ef-83d8-4ccc6adda413 advisory. Andy Shaw reports: QStringConverter has an invalid pointer being passed as a callback ...
7.2 AI Score
F5 Networks BIG-IP : BIG-IP APM browser network access VPN client vulnerability (K000138744)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138744 advisory. An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for...
7.3 AI Score
F5 Networks BIG-IP : BIG-IP TMM tenants on VELOS and rSeries vulnerability (K000139217)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10. It is, therefore, affected by a vulnerability as referenced in the K000139217 advisory. Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants...
7 AI Score
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1616)
The remote host is missing an update for the Huawei...
7.1 AI Score
0.962 EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1635)
The remote host is missing an update for the Huawei...
7.1 AI Score
0.962 EPSS
EulerOS Virtualization 2.11.1 : libssh2 (EulerOS-SA-2024-1610)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
7.8 AI Score
EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2024-1612)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
8.3 AI Score
EulerOS Virtualization 2.11.0 : libssh2 (EulerOS-SA-2024-1629)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
7.8 AI Score
F5 Networks BIG-IP : TMM vulnerability (K000139037)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000139037 advisory. When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel...
7.6 AI Score
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000138520)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138520 advisory. A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP ...
5.8 AI Score
RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
This module exposes Drupal resources (e.g. entities) as RESTful web services. The module doesn't sufficiently restrict access for user...
7.2 AI Score
Summary: The following security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001. Vulnerability Details: CVEID: CVE-2024-22259. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
8.8 AI Score
0.005 EPSS
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Problem: The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. Solution: Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem...
5.3 AI Score
0.0004 EPSS
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Problem: The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. Solution: Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem...
5.2 AI Score
0.0004 EPSS
TYPO3 vulnerable to an HTML Injection in the History Module
Problem: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. Solution: Update to TYPO3...
4.2 AI Score
0.0004 EPSS
TYPO3 vulnerable to an HTML Injection in the History Module
Problem: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. Solution: Update to TYPO3...
4.3 AI Score
0.0004 EPSS
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings...
7.7 AI Score
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...
6 AI Score
0.0004 EPSS
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...
3.5 CVSS
4.5 AI Score
0.0004 EPSS
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...
5.4 CVSS
5.2 AI Score
0.0004 EPSS
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...
6.5 AI Score
0.0004 EPSS
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...
6.4 CVSS
7.2 AI Score
0.0004 EPSS
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox....
7.2 AI Score
0.0004 EPSS
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox....
7.6 CVSS
7.5 AI Score
0.0004 EPSS
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect...
5.9 CVSS
7.1 AI Score
0.0004 EPSS
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect...
6.8 CVSS
7.2 AI Score
0.0004 EPSS
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect...
6.2 CVSS
7.4 AI Score
0.0004 EPSS
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect...
8.4 CVSS
7.1 AI Score
0.0004 EPSS
Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect...
5.6 CVSS
7.2 AI Score
0.0004 EPSS
Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect...
6.2 CVSS
7.1 AI Score
0.0004 EPSS
Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect...
7.5 CVSS
7.1 AI Score
0.0004 EPSS
Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect...
7.5 CVSS
7.1 AI Score
0.0004 EPSS
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...
3.3 CVSS
7.1 AI Score
0.0004 EPSS
Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect...
6.1 CVSS
7.1 AI Score
0.0004 EPSS
Summary: Exploitation of this flaw requires root access to the ESXi host. IBM has addressed the vulnerability. Vulnerability Details: CVEID: CVE-2023-20867. DESCRIPTION: VMware Tools could allow a local authenticated attacker to bypass security restrictions, caused by the failure to...
6.6 AI Score
0.002 EPSS
The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect...
6.2 CVSS
7 AI Score
0.0004 EPSS
Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect...
4.1 CVSS
7 AI Score
0.0004 EPSS
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service...
7.1 CVSS
7.3 AI Score
0.0004 EPSS
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...
4.7 CVSS
7 AI Score
0.0004 EPSS
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect...
4.7 CVSS
7 AI Score
0.0004 EPSS
CVE-2024-34356 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...
5.2 AI Score
0.0004 EPSS