RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) Apache Tomcat 5.5.0 through...
7.5CVSS
8.1AI Score
0.908EPSS
RHEL 5 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...
9.8CVSS
10AI Score
0.969EPSS
RHEL 8 : python-idna (RHSA-2024:3552)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3552 advisory. Security Fix(es): * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable...
7.6AI Score
EPSS
RHEL 8 : nodejs : (RHSA-2024:3553)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3553 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...
8.2CVSS
8.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)
The remote host is missing an update for the Huawei...
7.3CVSS
6.4AI Score
0.001EPSS
EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...
7.3CVSS
7.3AI Score
0.001EPSS
RHEL 6 : nagios (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nagios: Configured administrative account with fixed password and no IP restriction as default ...
9.8CVSS
7.6AI Score
0.005EPSS
RHEL 7 : iproute (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...
4.4CVSS
7.4AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:3529)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3529 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...
7.8CVSS
7.5AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)
The remote host is missing an update for the Huawei...
7.3CVSS
6.4AI Score
0.001EPSS
EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...
7.3CVSS
7.3AI Score
0.001EPSS
RHEL 5 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nasm: heap-based buffer over-read in do_directive in asm/preproc.c (CVE-2018-19215) nasm: Buffer...
7.8CVSS
8.8AI Score
0.005EPSS
RHEL 8 : iscsi-initiator-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...
7.5CVSS
8.3AI Score
0.002EPSS
RHEL 7 : iscsi-initiator-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...
7.5CVSS
7.8AI Score
0.002EPSS
ip SSRF improper categorization in isPublic
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...
9.8CVSS
6.2AI Score
EPSS
ip SSRF improper categorization in isPublic
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...
9.8CVSS
6.2AI Score
EPSS
CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...
8.6CVSS
6.2AI Score
0.945EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
8.6CVSS
6.1AI Score
0.945EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
8.6CVSS
6.1AI Score
0.945EPSS
[SECURITY] Fedora 39 Update: rust-local_ipaddress-0.1.3-8.fc39
Get your local IP address without...
7.1AI Score
7.6CVSS
6.7AI Score
0.0004EPSS
10CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.013EPSS
Aquatronica Control System 5.1.6 Password Disclosure Exploit
Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....
7.5AI Score
ip172.ip-51-255-15.eu Cross Site Scripting vulnerability OBB-3932087
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-24919 Esse projeto tem como objetivo criar uma...
8.6CVSS
6.3AI Score
0.945EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added...
7.5CVSS
8.2AI Score
0.005EPSS
7.5CVSS
7.1AI Score
EPSS
6.7AI Score
0.001EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
CVE-2024-24919 Exploit Overview This repository contains...
8.6CVSS
8.6AI Score
0.945EPSS
7.5AI Score
CVE-2024-24919 Exploit tool to validate CVE-2024-24919...
8.6CVSS
5.9AI Score
0.945EPSS
7.4AI Score
7.5AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...
6.8AI Score
EPSS
Check point:CVE-2024-24919 ...
8.6CVSS
6.5AI Score
0.945EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
Beyond Threat Detection – A Race to Digital Security
Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created...
7AI Score
CVE-2024-24919 An Vulnerability detection and Exploitation...
8.6CVSS
6.1AI Score
0.945EPSS
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...
7.2AI Score
Symfony is vulnerable to IP Address Spoofing The vulnerability is due to the potential manipulation of client IP addresses returned by the Request::getClientIp() method for sensitive decisions. It allows malicious actors to manipulate or spoof their IP...
7AI Score
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
7.4AI Score
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.9AI Score
EPSS
7.1AI Score
0.0004EPSS
10CVSS
7.1AI Score
0.001EPSS
7.1AI Score
0.001EPSS