Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6748-1 advisory. Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site...
7.1 CVSS
6.3 AI Score
0.001 EPSS
Ubuntu 22.04 LTS / 23.10 : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6746-1 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...
8.3 AI Score
0.0004 EPSS
Ubuntu 20.04 LTS : Squid vulnerability (USN-6728-3)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-3 advisory. Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug....
8.6 CVSS
7.4 AI Score
0.005 EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory. There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory...
7.8 AI Score
0.0004 EPSS
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6742-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6742-2 advisory. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain...
7.8 CVSS
7.4 AI Score
0.003 EPSS
Slackware Linux 15.0 / current ruby Multiple Vulnerabilities (SSA:2024-114-01)
The version of ruby installed on the remote host is prior to 3.0.7 / 3.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-114-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version.....
7.4 AI Score
EPSS
New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.7-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex...
6.5 AI Score
EPSS
Debian dsa-5673 : glibc-doc - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5673 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
6.6 AI Score
0.0005 EPSS
Debian dla-3793 : openjdk-11-dbg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3793 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...
3.7 CVSS
3.9 AI Score
0.001 EPSS
Debian dla-3792 : ctdb - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3792 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and...
6.5 CVSS
7.9 AI Score
0.038 EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Percona XtraBackup vulnerability (USN-6745-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6745-1 advisory. In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
Debian dsa-5669 : guix - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5669 advisory. Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another...
6.3 CVSS
6.3 AI Score
0.0004 EPSS
Debian dsa-5672 : openjdk-17-dbg - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5672 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...
3.7 CVSS
4.1 AI Score
0.001 EPSS
Ubuntu 22.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-6743-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-2 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the...
7.8 CVSS
6.7 AI Score
0.0004 EPSS
Slackware Linux 15.0 / current freerdp Vulnerability (SSA:2024-113-01)
The version of freerdp installed on the remote host is prior to 2.11.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-113-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2 AI Score
Debian dsa-5671 : openjdk-11-dbg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5671 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...
3.7 CVSS
3.9 AI Score
0.001 EPSS
Ubuntu 20.04 LTS : Pillow vulnerability (USN-6744-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6744-2 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not...
6.7 CVSS
6.9 AI Score
0.0004 EPSS
Debian dsa-5670 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5670 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2 AI Score
0.0004 EPSS
Debian dla-3791 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3791 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2 AI Score
0.0004 EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6744-1 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of ...
6.7 CVSS
6.9 AI Score
0.0004 EPSS
Ubuntu 16.04 LTS / 18.04 LTS : LXD vulnerability (USN-6738-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6738-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
5.9 CVSS
7.5 AI Score
0.963 EPSS
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...
7.8 CVSS
8.7 AI Score
0.0004 EPSS
New freerdp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz: Upgraded. This release eliminates a bunch of issues detected during oss-fuzz runs. (...
7.4 AI Score
Mitsubishi MELSEC-Q/L Series Incorrect Pointer Scaling (CVE-2024-0802)
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted...
9.8 CVSS
7.5 AI Score
0.0004 EPSS
Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-1917)
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....
9.8 CVSS
7.8 AI Score
0.0004 EPSS
Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-0803)
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....
9.8 CVSS
7.8 AI Score
0.0004 EPSS
Mitsubishi MELSEC-Q/L Series Incorrect Pointer Scaling (CVE-2024-1915)
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot. Please...
9.8 CVSS
7.7 AI Score
0.0004 EPSS
Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-1916)
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....
9.8 CVSS
7.8 AI Score
0.0004 EPSS
Debian dsa-5667 : libtomcat9-embed-java - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5667 advisory. Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through...
7.5 CVSS
7.6 AI Score
0.005 EPSS
Debian dsa-5668 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5668 advisory. Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page....
8.8 CVSS
6.8 AI Score
0.001 EPSS
New freerdp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz: Upgraded. This release is a security release and addresses multiple issues: [Low] OutOfBound...
9.8 CVSS
7.2 AI Score
0.0004 EPSS
Debian dsa-5666 : flatpak - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5666 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a...
8.4 CVSS
8.3 AI Score
0.0004 EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6739-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6739-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only...
7.8 CVSS
7.6 AI Score
0.003 EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6741-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6741-1 advisory. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow...
7.8 CVSS
7.2 AI Score
0.003 EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6743-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-1 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap)...
7.8 CVSS
7.1 AI Score
0.0004 EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that a...
7.8 CVSS
8.5 AI Score
0.003 EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems...
7.8 CVSS
8.5 AI Score
0.003 EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6742-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6742-1 advisory. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow...
7.8 CVSS
7.1 AI Score
0.003 EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6740-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6740-1 advisory. A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a...
7.8 CVSS
8.1 AI Score
0.003 EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8 CVSS
7.2 AI Score
0.003 EPSS
Slackware Linux 15.0 / current freerdp Multiple Vulnerabilities (SSA:2024-110-01)
The version of freerdp installed on the remote host is prior to 2.11.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-110-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
9.8 CVSS
9.3 AI Score
0.0004 EPSS
Debian dla-3790 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2 AI Score
0.0004 EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux...
7.8 CVSS
7.2 AI Score
0.003 EPSS
New glibc packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt. This update fixes a...
7.5 AI Score
0.0005 EPSS