Ubuntu 16.04 LTS : OpenSSL update (USN-6663-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6686-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-2 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and...
7.8CVSS
7.7AI Score
EPSS
Ubuntu 14.04 LTS : X.Org X Server vulnerabilities (USN-6587-5)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6587-5 advisory. A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow...
9.8CVSS
8.2AI Score
0.002EPSS
Slackware Linux 15.0 / current expat Vulnerability (SSA:2024-073-01)
The version of expat installed on the remote host is prior to 2.6.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-073-01 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...
7.4AI Score
0.0004EPSS
Debian dsa-5639 : chromium - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5639 advisory. Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
5AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-3)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-3 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...
7.8CVSS
7AI Score
0.003EPSS
l-amp.nl Cross Site Scripting vulnerability OBB-3869823
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OVN vulnerability (USN-6691-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6691-1 advisory. A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an...
6.5CVSS
7.1AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Open vSwitch vulnerabilities (USN-6690-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6690-1 advisory. A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial...
7.5CVSS
7.1AI Score
0.0004EPSS
Ubuntu 16.04 LTS : PostgreSQL vulnerability (USN-6656-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6656-2 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer....
8CVSS
7.8AI Score
0.001EPSS
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2024-1305)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache...
6.1CVSS
7.5AI Score
0.01EPSS
Ubuntu 23.10 : Rack vulnerabilities (USN-6689-1)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6689-1 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response....
5.8CVSS
7.1AI Score
EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Gson vulnerability (USN-6692-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6692-1 advisory. The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the...
7.7CVSS
7AI Score
0.002EPSS
Ubuntu 22.04 LTS / 23.10 : .NET vulnerability (USN-6693-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6693-1 advisory. .NET and Visual Studio Denial of Service Vulnerability (CVE-2024-21392) Note that Nessus has not tested for this issue but has instead relied only on the...
7.5CVSS
7.6AI Score
0.0005EPSS
Debian dla-3758 : libtiff-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3758 advisory. A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a...
7.5CVSS
6.7AI Score
0.001EPSS
Debian dla-3759 : qemu - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3759 advisory. A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side,...
7.5CVSS
7.9AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS : AccountsService vulnerability (USN-6687-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6687-1 advisory. An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local user obtain...
3.3CVSS
6.8AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-2 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...
7.8CVSS
7.1AI Score
0.003EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.7AI Score
0.002EPSS
Debian dla-3757 : libnss3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122....
7.5CVSS
6.6AI Score
0.001EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerability (USN-6658-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6658-2 advisory. An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...
7.5CVSS
6.5AI Score
0.0005EPSS
Debian dla-3756 : wordpress - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3756 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dsa-5638 : libuv1 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5638 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its windows counterpart...
7.3CVSS
6.7AI Score
0.001EPSS
Debian dla-3755 : tar - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3755 advisory. A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting...
6.8AI Score
0.0004EPSS
Nomore403 - Tool To Bypass 403/40X Response Codes
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...
7.4AI Score
Fedora: Security Advisory for args4j (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6686-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-1 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain...
7.8CVSS
7.2AI Score
EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : mqtt-client vulnerability (USN-6685-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6685-1 advisory. In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive....
7.5CVSS
6.9AI Score
0.006EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ncurses vulnerability (USN-6684-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6684-1 advisory. NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note that...
6.5CVSS
7.3AI Score
0.001EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-2)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-2 advisory. In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) ...
7CVSS
7.7AI Score
0.003EPSS
Releases: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: linux - Linux kernel; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems; linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems; linux-azure-fde-5.15 -...
7.8CVSS
7.8AI Score
EPSS
Debian dsa-5637 : squid - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5637 advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4...
9.3CVSS
8.1AI Score
0.03EPSS
[SECURITY] Fedora 40 Update: args4j-2.33-26.fc40
args4j is a small Java class library that makes it easy to parse command line options/arguments in your CUI application. - It makes the command line parsing very easy by using annotations - You can generate the usage screen very easily - You can generate HTML/XML that lists all options for your...
6.9AI Score
0.0004EPSS
Summary: Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2023-46218). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details: CVEID: CVE-2023-46218 ...
6.5CVSS
6.4AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-20952. DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote.....
7.5CVSS
8.1AI Score
0.001EPSS
[slackware-security] ghostscript
New ghostscript packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz: Rebuilt. Fixes security issues: A vulnerability was identified in the way...
7.8CVSS
7.5AI Score
0.001EPSS
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Thu Mar 7 15:16:48 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_feb2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
7.5CVSS
6.6AI Score
0.001EPSS
Slackware Linux 15.0 / current ghostscript Vulnerability (SSA:2024-067-01)
The version of ghostscript installed on the remote host is prior to 10.03.0 / 9.55.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-067-01 advisory. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or...
7.8CVSS
7AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The...
9.8CVSS
7.7AI Score
0.009EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : HtmlCleaner vulnerability (USN-6683-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6683-1 advisory. An issue was discovered in htmlcleaner through 2.28 that allows attackers to cause a denial of service or other unspecified impacts via crafted...
7.5CVSS
6.9AI Score
0.001EPSS
Debian dla-3753 : yard - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3753 advisory. yard before 0.9.20 allows path traversal. (CVE-2019-1020001) YARD is a Ruby Documentation tool. The frames.html file within the Yard Doc's generated...
5.4CVSS
6.1AI Score
0.003EPSS
Debian dla-3754 : fontforge - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3754 advisory. FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. (CVE-2020-5395) FontForge 20190801 has a heap-based buffer overflow in the...
8.8CVSS
8.2AI Score
0.005EPSS
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description: The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC: Set up a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the...
9.2AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-1 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...
7.8CVSS
7.2AI Score
0.003EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-1 advisory. In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) ...
7CVSS
7.6AI Score
0.003EPSS
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description: The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF...
9.4AI Score
0.0004EPSS