CVE-2022-2591 TEM FLEX-1085 reboot denial of service
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
7.8AI Score
0.006EPSS
SUSE SLES15 Security Update : xen (SUSE-SU-2022:2591-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2591-1 advisory. Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially...
8.8CVSS
7.9AI Score
0.001EPSS
Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...
7.8CVSS
1.5AI Score
0.009EPSS
An update is available for setroubleshoot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
1.9AI Score
Amazon Linux 2 : libtiff (ALAS-2022-1780)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1780 advisory. Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote...
7.8CVSS
8AI Score
0.009EPSS
Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532) A flaw was found in libtiff. Due to a memory allocation failure in...
7.8CVSS
7.9AI Score
0.009EPSS
Rocky Linux 8 : edk2 (RLSA-2021:2591)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2591 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...
6.7CVSS
6.8AI Score
0.0005EPSS
7.5CVSS
7.6AI Score
0.002EPSS
7.5CVSS
6.8AI Score
0.009EPSS
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2021-2591)
The remote host is missing an update for the Huawei...
7.5CVSS
7.8AI Score
0.009EPSS
EulerOS 2.0 SP3 : libldb (EulerOS-SA-2021-2591)
According to the versions of the libldb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with...
7.5CVSS
-0.4AI Score
0.009EPSS
Oracle WebLogic Server Administration Console - Remote Code Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...
9.8CVSS
9.2AI Score
0.969EPSS
6.5CVSS
6.3AI Score
0.001EPSS
openSUSE 15 Security Update : qemu (openSUSE-SU-2021:2591-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in...
6.5CVSS
6.1AI Score
0.001EPSS
SUSE SLES15 Security Update : qemu (SUSE-SU-2021:2591-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2591-1 advisory. QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write...
6.5CVSS
7AI Score
0.001EPSS
openSUSE: Security Advisory for qemu (openSUSE-SU-2021:2591-1)
The remote host is missing an update for...
6.5CVSS
6.4AI Score
0.001EPSS
Security update for qemu (important)
An update that solves 9 vulnerabilities and has two fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)...
6.5CVSS
0.8AI Score
0.001EPSS
CentOS 8 : edk2 (CESA-2021:2591)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2591 advisory. edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...
6.7CVSS
6.9AI Score
0.0005EPSS
Software: libtiff 4.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-3620 CVE-Crit: HIGH CVE-DESC: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" parameter is used, allows remote attackers to cause a denial of service (buffer overflow) via a generated...
7.8CVSS
9.7AI Score
0.019EPSS
Oracle Linux 8 : edk2 (ELSA-2021-2591)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2591 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied only on...
6.7CVSS
6.8AI Score
0.0005EPSS
[20200602gitca407c7246bf-4.el8_4.1] - edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1952953] - Resolves: bz#1952953 (edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8]...
6.7CVSS
1.1AI Score
0.0005EPSS
Moderate: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...
6.7CVSS
0.5AI Score
0.0005EPSS
An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual.....
6.7CVSS
7.4AI Score
0.0005EPSS
Moderate: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...
6.7CVSS
7.3AI Score
0.0005EPSS
(RHSA-2021:2591) Moderate: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) For more details about the security...
0.5AI Score
0.0005EPSS
RHEL 8 : edk2 (RHSA-2021:2591)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2591 advisory. edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211) Note that Nessus has not tested for this issue but has instead relied...
6.7CVSS
7.3AI Score
0.0005EPSS
Debian DLA-2591-1 : golang-1.7 security update
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial of service (DoS), bypasss access control, and execute arbitrary code on the developer's computer. CVE-2017-15041 Go allows 'go get' remote command execution. Using custom domains, it is...
9.8CVSS
9.3AI Score
0.331EPSS
9.8CVSS
7.6AI Score
0.331EPSS
[SECURITY] [DLA 2591-1] golang-1.7 security update
Debian LTS Advisory DLA-2591-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 13, 2021 https://wiki.debian.org/LTS Package : golang-1.7 Version : 1.7.4-2+deb9u3 CVE ID ...
9.8CVSS
9.3AI Score
0.331EPSS
9.8CVSS
7.4AI Score
0.331EPSS
CentOS 8 : ghostscript (CESA-2019:2591)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2591 advisory. ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811) ghostscript: Safer mode bypass by .forceput...
9.8CVSS
0.4AI Score
0.007EPSS
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript...
6.3CVSS
5.8AI Score
0.001EPSS
XSS Vulnerability in Legacy System x IMM2 - Lenovo Support US
Lenovo Security Advisory: LEN-44717 Potential Impact: Code execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8340 Summary Description: A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management...
6.1CVSS
0.5AI Score
0.001EPSS
XSS Vulnerability in Legacy System x IMM2 - Lenovo Support NL
Lenovo Security Advisory: LEN-44717 Potential Impact: Code execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8340 Summary Description: A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management...
6.1CVSS
0.5AI Score
0.001EPSS
Oracle WebLogic Server - Remote Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and...
9.8CVSS
9.3AI Score
0.976EPSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...
6.8CVSS
6.8AI Score
0.0004EPSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...
6.8CVSS
6.7AI Score
0.0004EPSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...
6.8CVSS
6.8AI Score
0.0004EPSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...
6.8CVSS
6.8AI Score
0.0004EPSS
MS03-026: Buffer Overrun in RPC May Allow Code Execution
Technical UpdateSeptember 10, 2003: The following changes were made to this article: Updated the "Security Patch Replacement Information" sections to indicate that this patch has been replaced by 824146 (MS03-039). For more information about the 824146 security patch (MS03-039), click the...
0.5AI Score
EPSS
The Network Time Protocol (NTP) is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the...
4.5AI Score
0.043EPSS
Oracle E-Business Suite Multiple Vulnerabilities (Jan 2020 CPU)
The version of Oracle E-Business installed on the remote host is missing the January 2020 Oracle Critical Patch Update (CPU). It is, as noted in the January 2020 Critical Patch Update advisory, affected by flaws in the following components : Oracle Human Resources Oracle CRM Technical Foundation...
9.9CVSS
-0.4AI Score
0.019EPSS
Huawei EulerOS: Security Advisory for gpgme (EulerOS-SA-2019-2591)
The remote host is missing an update for the Huawei...
6.4AI Score
0.036EPSS
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1190)
The remote host is missing an update for the Huawei...
7.5CVSS
7.6AI Score
0.037EPSS
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2018-1165)
The remote host is missing an update for the Huawei...
9.8CVSS
7.8AI Score
0.019EPSS
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2466)
The remote host is missing an update for the Huawei...
8.8CVSS
7.3AI Score
0.318EPSS
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1437)
The remote host is missing an update for the Huawei...
8.8CVSS
7.9AI Score
0.057EPSS
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....
8.2CVSS
7.9AI Score
0.002EPSS
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....
8.2CVSS
8.2AI Score
0.002EPSS
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle....
8.2CVSS
8.2AI Score
0.002EPSS