Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)
New openssl packages are available for Slackware 14.2 to fix a security...
5.9CVSS
6.6AI Score
0.01EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to...
8.8CVSS
7.9AI Score
0.003EPSS
Debian DSA-4400-1 : openssl1.0 - security update
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...
5.9CVSS
6.6AI Score
0.01EPSS
Docker Desktop < 4.5.0 Incorrect Access Control
The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
8.4CVSS
8.4AI Score
0.0005EPSS
OpenTelemetry Collector < 0.102.1 DoS
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue.....
8.2CVSS
7.7AI Score
0.001EPSS
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the July 2016 CPU...
7.5CVSS
7.4AI Score
0.005EPSS
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured...
6.9AI Score
0.0004EPSS
Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
6.5CVSS
6.5AI Score
0.003EPSS
Enhancing Security with AI: Revolutionizing Protection in the Digital Era
In the ever-evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) and Machine Learning (ML) has emerged as a transformative force. AI, with its ability to mimic human cognition and problem-solving capabilities, combined with ML's capacity to iteratively learn from...
7.1AI Score
Microsoft Paint 3D Multiple Vulnerabilities (June 2021)
The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...
7.8CVSS
8.4AI Score
0.053EPSS
Debian DSA-4413-1 : ntfs-3g - security update
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege...
7CVSS
7.2AI Score
0.0004EPSS
Slackware 14.2 / current : mozilla-firefox (SSA:2019-081-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security...
8.8CVSS
9.2AI Score
0.952EPSS
Debian DSA-4373-1 : coturn - security update
Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...
9.8CVSS
9.2AI Score
0.003EPSS
KB5012589: Windows Azure Stack HCI Security Update (April 2022)
The remote Windows host is missing security update 5012589. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...
7.6AI Score
Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)
The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.8CVSS
9.9AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update led to the discovery of a regression in netplan which caused systemctl...
8.4AI Score
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...
9.8CVSS
8AI Score
0.002EPSS
Ubuntu 22.04 LTS / 23.04 / 23.10 : Ghostscript vulnerability (USN-6551-1)
The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6551-1 advisory. An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 that allows remote attackers to...
7.5CVSS
7.5AI Score
0.001EPSS
GLSA-201903-10 : OpenSSL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-10 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive...
5.9CVSS
6.7AI Score
0.01EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...
7.7AI Score
OVAL Windows Compliance Checks
Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...
1.5AI Score
Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...
1.2AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4shell-finder - Fastest file system scanner for log4j...
8AI Score
GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak content of a private...
7.5CVSS
7.5AI Score
0.0004EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158059 advisory. IBM MQ Console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...
6.5CVSS
6.3AI Score
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Note that Nessus...
8.1CVSS
7.5AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...
8.1CVSS
8AI Score
0.0004EPSS
VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)
The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by a denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...
5.3CVSS
7.1AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...
6.5CVSS
8AI Score
0.001EPSS
Dell Client BIOS Improper Input Validation (DSA-2024-167)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...
5.1CVSS
6.6AI Score
0.0004EPSS
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
7.5CVSS
7.4AI Score
0.013EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...
8.8CVSS
8.6AI Score
0.024EPSS
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...
7.8CVSS
7.6AI Score
Debian DLA-1682-1 : uriparser security update
Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An out-of-bounds read for incomplete URIs with IPv6 addresses with an embedded IPv4 address, e.g. '//[::44.1', was possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......
9.8CVSS
9.6AI Score
0.003EPSS
Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...
8.8CVSS
8.9AI Score
0.007EPSS
KB5011490: Windows 10 version 17784 / Azure Stack HCI Security Update (March 2022)
The remote Windows host is missing security update 5011490. It is, therefore, missing multiple undisclosed security improvements to internal...
7.5AI Score
Debian DLA-1699-1 : ldb security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...
6.5CVSS
6AI Score
0.007EPSS