8.8CVSS
8.1AI Score
0.003EPSS
9.8CVSS
7.3AI Score
0.007EPSS
Debian DLA-1662-1 : libthrift-java security update
It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...
7.5CVSS
7.6AI Score
0.002EPSS
Debian DLA-1659-1 : drupal7 security update
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...
9.8CVSS
9.7AI Score
0.921EPSS
GLSA-202406-02 : Flatpak: Sandbox Escape
The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
8.4CVSS
7.1AI Score
0.0004EPSS
Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). ## Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. ## Solution Update the application Update the....
6.8AI Score
0.0004EPSS
Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)
The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...
7.5CVSS
7.7AI Score
0.001EPSS
Debian DSA-4372-1 : ghostscript - security update
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being...
7.8CVSS
8AI Score
0.017EPSS
Debian DSA-4375-1 : spice - security update
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary...
7.5CVSS
7.8AI Score
0.003EPSS
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
5.3CVSS
5.4AI Score
0.0004EPSS
9.8CVSS
9AI Score
0.023EPSS
8.8CVSS
9AI Score
0.009EPSS
7.5CVSS
7.8AI Score
0.004EPSS
9.8CVSS
8.9AI Score
0.028EPSS
6.5CVSS
7.8AI Score
0.007EPSS
6.5CVSS
7.2AI Score
0.006EPSS
4.7CVSS
6.3AI Score
0.001EPSS
9.8CVSS
8.3AI Score
0.006EPSS
9.8CVSS
9AI Score
0.003EPSS
5.5CVSS
6.1AI Score
0.002EPSS
5.5CVSS
5.3AI Score
0.001EPSS
6.5CVSS
7.2AI Score
0.006EPSS
9.8CVSS
9.8AI Score
0.39EPSS
8.8CVSS
8.8AI Score
0.379EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)
The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.1AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....
6.5AI Score
0.0004EPSS
Debian DLA-1649-1 : spice security update
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...
7.5CVSS
7.8AI Score
0.003EPSS
Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2972-1)
Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687,.....
9.8CVSS
9.1AI Score
0.49EPSS
5.9CVSS
7.1AI Score
0.946EPSS
7.5CVSS
8.1AI Score
0.717EPSS
Debian DLA-1661-1 : mumble security update
It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...
7.5CVSS
7.4AI Score
0.036EPSS
GLSA-202406-05 : JHead: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
9.8CVSS
7.5AI Score
0.002EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
Debian DLA-1683-1 : rdesktop security update
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...
9.8CVSS
10AI Score
0.141EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-a58a7e2388)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-3da8ed5be3)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-08bb549a36)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
5.5CVSS
8.2AI Score
0.0004EPSS
7.8CVSS
6.6AI Score
0.0004EPSS
7.5CVSS
6.9AI Score
0.006EPSS
7.5CVSS
6.9AI Score
0.006EPSS
7.5CVSS
6.7AI Score
0.084EPSS
6.5CVSS
8AI Score
0.01EPSS
Debian DLA-1650-1 : rssh security update
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...
7.8CVSS
8.8AI Score
0.0004EPSS
Debian DSA-4377-1 : rssh - security update
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...
7.8CVSS
8.8AI Score
0.0004EPSS
7.8CVSS
6.8AI Score
0.006EPSS
Dell Client BIOS Improper Input Validation (DSA-2024-125)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...
7.5CVSS
6.8AI Score
0.0004EPSS
9.8CVSS
9.2AI Score
0.004EPSS