Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
6.5CVSS
6.5AI Score
0.003EPSS
SolarWinds Serv-U 15.4.2 < 15.4.3
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4.2 HF2. It is, therefore, affected by a vulnerability as referenced in the solarwinds_serv-u_15_4_2_hf_2 advisory. SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to...
8.6CVSS
7.9AI Score
0.343EPSS
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
5.3CVSS
5.4AI Score
0.0004EPSS
Debian DLA-1651-1 : libgd2 security update
Several issues have been found in libgd2, a graphics library for quickly drawing images. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....
9.8CVSS
9.3AI Score
0.714EPSS
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
7.5CVSS
7.4AI Score
0.013EPSS
Debian DSA-4397-1 : ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of...
6.5CVSS
6AI Score
0.007EPSS
9.8CVSS
9.1AI Score
0.004EPSS
7.8CVSS
8AI Score
0.002EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...
6.5CVSS
8AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...
9.8CVSS
8AI Score
0.002EPSS
GLSA-201903-08 : GNU Wget: Password and metadata leak
The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak) A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c. Impact : A local attacker could obtain sensitive information to include credentials. Workaround :...
7.8CVSS
8.4AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...
7.8CVSS
8.3AI Score
0.01EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
VMware Fusion 12.0.x < 12.2.1 Multiple Vulnerabilities (VMSA-2022-0004)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
7AI Score
0.001EPSS
Debian DLA-1670-1 : ghostscript security update
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For Debian 8 'Jessie', this problem has...
7.8CVSS
8AI Score
0.017EPSS
Debian DSA-4407-1 : xmltooling - security update
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...
7.5CVSS
7.4AI Score
0.026EPSS
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6549-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-4 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...
8.8CVSS
8.5AI Score
0.024EPSS
Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6822-1 advisory. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were...
9.8CVSS
8.9AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
Debian DSA-4385-1 : dovecot - security update
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else.....
7.7CVSS
6.2AI Score
0.002EPSS
Ubuntu 22.04 LTS / 23.04 / 23.10 : Ghostscript vulnerability (USN-6551-1)
The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6551-1 advisory. An issue in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to...
7.5CVSS
7.5AI Score
0.001EPSS
Debian DSA-4388-1 : mosquitto - security update
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional...
6.5CVSS
7.8AI Score
0.002EPSS
7.5CVSS
6.9AI Score
0.006EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : MariaDB vulnerability (USN-6839-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6839-1 advisory. A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been...
4.9CVSS
7AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-6549-5)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-5 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...
8.8CVSS
8.5AI Score
0.024EPSS
Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6548-5)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6548-5 advisory. A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne....
8.8CVSS
8.4AI Score
0.024EPSS
Debian DSA-4401-1 : wordpress - security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by...
9.8CVSS
7.1AI Score
0.956EPSS
Debian DSA-4366-1 : vlc - security update
An integer underflow was discovered in the CAF demuxer of the VLC media...
9.1CVSS
8.5AI Score
0.529EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...
7.5CVSS
7AI Score
0.0004EPSS
Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)
Bashis, a Security Researcher at IPVM, has found a flaw that allows for remote code execution during the installation of Wave on the camera device. The Wave server application in the camera device was vulnerable to command injection, allowing an attacker to run arbitrary code. HanwhaVision has...
8.8CVSS
8.3AI Score
0.001EPSS
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
4.3CVSS
6.9AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could...
9.1CVSS
7.4AI Score
0.006EPSS
Debian DLA-1633-1 : sqlite3 security update
Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of.....
9.8CVSS
10AI Score
0.023EPSS
Debian DSA-4371-1 : apt - security update
Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a.....
8.1CVSS
7AI Score
0.041EPSS
RHEL 7 : libvncserver (RHSA-2019:0059)
An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.....
9.8CVSS
9.9AI Score
0.76EPSS
Microsoft Targets Android with Patent Infringement Allegations
The mobile phone wars became more interesting late on Tuesday when Microsoft publicly claimed for the first time that Google's Android operating system infringes on its intellectual property. According to sources close to the company, Microsoft believes that Android infringes on its patented...
7.1AI Score
GLSA-201903-15 : NTP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition,...
7.5CVSS
8.1AI Score
0.034EPSS
Debian DLA-1652-1 : libvncserver security update
A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC server/client functionalities. In addition, some of the vulnerabilities addressed in DLA 1617-1 were found to have incomplete fixes, and have been addressed in this update. CVE-2018-15126 An attacker can cause....
9.8CVSS
10AI Score
0.76EPSS
6.5CVSS
7AI Score
0.005EPSS
9.8CVSS
9.6AI Score
0.964EPSS
4.7CVSS
5.3AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...
8.1CVSS
8AI Score
0.0004EPSS
Debian dsa-5715 : composer - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. Debian Security Advisory DSA-5715-1 ...
8.8CVSS
9.6AI Score
0.0004EPSS
RHEL 6 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcs: Cross-Site Request Forgery in web UI (CVE-2016-0720) Session fixation vulnerability in pcsd in pcs...
5.3CVSS
7.5AI Score
0.005EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-a58a7e2388)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-3da8ed5be3)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-08bb549a36)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS