In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt....
6.7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...
6.7 AI Score
0.0004 EPSS
KB5019962: Windows 10 version 17784 / Azure Stack HCI Security Update (November 2022)
The remote Windows host is missing security update 5019962. It is, therefore, affected by multiple...
7.7 AI Score
KB5013951: Windows 10 version 17784 / Azure Stack HCI Security Update (May 2022)
The remote Windows host is missing security update 5013951. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...
7.6 AI Score
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...
8.1 CVSS
8 AI Score
0.001 EPSS
.NET Denial of Service vulnerability
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
7.5 CVSS
6.5 AI Score
0.001 EPSS
CVE-2021-47390 KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...
6.4 AI Score
0.0004 EPSS
KB5016620: Windows 10 version 17784 / Azure Stack HCI Security Update (August 2022)
The remote Windows host is missing security update 5016620. It is, therefore, affected by multiple...
7.7 AI Score
KB5018415: Windows 10 version 17784 / Azure Stack HCI Security Update (October 2022)
The remote Windows host is missing security update 5018415. It is, therefore, affected by multiple...
7.7 AI Score
KB5017311: Windows 10 version 17784 / Azure Stack HCI Security Update (September 2022)
The remote Windows host is missing security update 5017311. It is, therefore, affected by multiple miscellaneous security improvements to internal OS...
7.5 AI Score
KB5014698: Windows 10 version 17784 / Azure Stack HCI Security Update (June 2022)
The remote Windows host is missing security update 5014698. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...
7.6 AI Score
glpi -- SQL injection for all usages of "Clone" feature
MITRE Corporation reports: In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in...
7.1 CVSS
1.7 AI Score
0.001 EPSS
Fedora 29 : python3 / python3-docs (2019-60a1defcd1)
Python 3.7.4 is the fourth and most recent maintenance release of Python 3.7. Changelog for final, 3.7.4 release candidate 2 and 3.7.4 release candidate 1. Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block....
9.8 CVSS
8.9 AI Score
0.007 EPSS
CVE-2024-35989 dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...
7 AI Score
0.0004 EPSS
KB5015809: Windows 10 version 17784 / Azure Stack HCI Security Update (July 2022)
The remote Windows host is missing security update 5015809. It is, therefore, affected by miscellaneous security issues with the functionality of the internal...
7.6 AI Score
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...
6.6 AI Score
0.0004 EPSS
CVE-2024-35989 dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...
6.3 AI Score
0.0004 EPSS
Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,.....
4.8 CVSS
4.8 AI Score
0.001 EPSS
Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,.....
4.8 CVSS
0.001 EPSS
Security Updates Outlook for Windows (April 2024)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by a spoofing vulnerability. External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control....
8.1 CVSS
7.9 AI Score
0.001 EPSS
KB4592504: Windows Server 2008 December 2020 Security Update
The remote Windows host is missing security update 4592504 or cumulative update 4592498. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information....
5.5 CVSS
6.5 AI Score
0.0004 EPSS
glpi -- Reflexive XSS in Dropdown menus
MITRE Corporation reports: In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version...
6 CVSS
4 AI Score
0.001 EPSS
RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.3] (RHSA-2022:8502)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8502 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators...
6.5 CVSS
7.4 AI Score
0.001 EPSS
glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php
MITRE Corporation reports: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users,...
4.3 CVSS
4.3 AI Score
0.001 EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare...
6.6 AI Score
0.0004 EPSS
glpi -- bypass of the open redirect protection
MITRE Corporation reports: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection which is based on a regexp. This is fixed in version...
6.1 CVSS
4.3 AI Score
0.005 EPSS
glpi -- Insecure Direct Object Reference on ajax/comments.php
MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users,...
4.3 CVSS
2.6 AI Score
0.001 EPSS
KB5004950: Windows 10 1507 LTS OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
KB5003209: Windows 8.1 and Windows Server 2012 R2 Security Update (May 2021)
The remote Windows host is missing security update 5003209. It is, therefore, affected by multiple...
9.9 CVSS
7.6 AI Score
0.937 EPSS
glpi -- SQL injection for all helpdesk instances
MITRE Corporation reports: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version...
7.6 CVSS
3.6 AI Score
0.001 EPSS
KB5004960: Windows Server 2012 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
KB5004959: Windows Server 2008 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
KB5004946: Windows 10 1909 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for....
6.6 AI Score
0.0004 EPSS
CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2 CVSS
6.8 AI Score
0.001 EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2 CVSS
6.6 AI Score
0.001 EPSS
KB5003169: Windows 10 version 1909 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9 CVSS
7.3 AI Score
0.937 EPSS
JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for...
8 AI Score
0.0004 EPSS
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...
6.1 CVSS
0.001 EPSS
glpi -- leakage issue with knowledge base
MITRE Corporation reports: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the...
5.3 CVSS
2.7 AI Score
0.001 EPSS
KB5030220: Windows 10 LTS 1507 Security Update (September 2023)
The remote Windows host is missing security update 5030220. It is, therefore, affected by multiple vulnerabilities: Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161); Windows TCP/IP Denial of Service Vulnerability (CVE-2023-38149); Windows Miracast Wireless...
8.8 CVSS
7.5 AI Score
0.001 EPSS
KB5004947: Windows 10 1809 and Windows Server 2019 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
KB5004945: Windows 10 2004 / 20H2 / 21H1 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8 CVSS
9.4 AI Score
0.967 EPSS
KB5003697: Windows Server 2012 Security Update (June 2021)
The remote Windows host is missing security update 5003697. It is, therefore, affected by multiple...
9.4 CVSS
8.5 AI Score
0.966 EPSS
KB5003695: Windows Server 2008 Security Update (June 2021)
The remote Windows host is missing security update 5003695. It is, therefore, affected by multiple...
9.4 CVSS
8.4 AI Score
0.966 EPSS
KB5003172: Windows 10 version 1507 LTS Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9 CVSS
7.3 AI Score
0.937 EPSS
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...
6.1 CVSS
6 AI Score
0.001 EPSS
MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version...
9.3 CVSS
3.7 AI Score
0.003 EPSS
KB5003174: Windows 10 version 1803 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9 CVSS
7.3 AI Score
0.937 EPSS