Fedora 29 : tmux (2018-e5e93f4c7b)
fixes rhbz #1652128 and #1652127 - CVE-2018-19387 tmux: NULL pointer Dereference in format_cb_pane_tabs in format.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
8.2AI Score
0.002EPSS
Ivanti Endpoint Manager < 2022 SU4 Privilege Escalation (SA-2023-06-20)
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a...
9.8CVSS
7.5AI Score
0.006EPSS
Ollama < 0.1.34 Improper Input Validation
The version of Ollama installed on the remote host is prior to 0.1.34. It is, therefore, affected by an improper input validation vulnerability. Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the...
9.6AI Score
EPSS
GLSA-201903-09 : GNU C Library: Arbitrary descriptor allocation
The remote host is affected by the vulnerability described in GLSA-201903-09 (GNU C Library: Arbitrary descriptor allocation) A vulnerability was discovered in the GNU C Library functions xdr_bytes and xdr_string. Impact : A remote attacker, by sending a crafted UDP packet, could cause a...
7.5CVSS
6.5AI Score
0.006EPSS
9.8CVSS
9.1AI Score
0.004EPSS
7.8CVSS
8AI Score
0.002EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...
8.8CVSS
8.6AI Score
0.024EPSS
Fedora 28 : xen (2018-d3cb6f113c)
Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] fix for change in iasl output Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
5.6CVSS
6.5AI Score
0.001EPSS
Fedora 29 : icu (2018-db05d9982f)
Security fix for CVE-2018-18928 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
9.8CVSS
9.5AI Score
0.003EPSS
Fedora 29 : udisks2 (2018-f0ce9a3a35)
Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
7.8CVSS
7.8AI Score
0.001EPSS
Fedora 28 : libcgroup (2018-f6adf1cb62)
Fix for CVE-2018-14348. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
8.1CVSS
8.1AI Score
0.002EPSS
Fedora 28 : vcftools (2018-ea05fcd378)
Update to latest upstream release 0.1.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
7.8CVSS
6.6AI Score
0.01EPSS
Fedora 29 : adplug (2018-de3a0ba76e)
Fix double-free in CEmuopl::~CEmuopl() (#1635881, CVE-2018-17825) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
9.8CVSS
9.5AI Score
0.007EPSS
Fedora 28 : glusterfs (2018-e048a4ef13)
Security fix for CVE-2018-1088 (Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
8.1CVSS
8.1AI Score
0.008EPSS
Fedora 29 : mosquitto (2018-f80b495582)
Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
7.5CVSS
7.6AI Score
0.002EPSS
Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL RTSE ISAKMP ENIP An attacker could cause Wireshark to crash by injecting a...
5.5CVSS
6.1AI Score
0.004EPSS
KB5011490: Windows 10 version 17784 / Azure Stack HCI Security Update (March 2022)
The remote Windows host is missing security update 5011490. It is, therefore, missing multiple undisclosed security improvements to internal...
7.5AI Score
Debian DLA-1690-1 : liblivemedia security update
Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET....
9.8CVSS
10AI Score
0.026EPSS
VMware Fusion 12.0.x < 12.2.1 Multiple Vulnerabilities (VMSA-2022-0004)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
7AI Score
0.001EPSS
Debian DLA-1671-1 : coturn security update
Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily...
9.8CVSS
9.6AI Score
0.003EPSS
Debian dla-3846 : libmojolicious-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...
6.5AI Score
0.0004EPSS
Debian dsa-5718 : elpa-org - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5718-1 [email protected] ...
7.3AI Score
0.0004EPSS
Debian DLA-1644-1 : policykit-1 security update
Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...
8.8CVSS
7.8AI Score
0.006EPSS
Debian DLA-1670-1 : ghostscript security update
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For Debian 8 'Jessie', this problem has...
7.8CVSS
8AI Score
0.017EPSS
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
5.3CVSS
5.4AI Score
0.0004EPSS
Debian DSA-4407-1 : xmltooling - security update
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...
7.5CVSS
7.4AI Score
0.026EPSS
GitLab 16.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3115)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...
4.3CVSS
4.9AI Score
0.0004EPSS
Fedora 29 : gnupg2 (2019-75a8da28f0)
Minor update to upstream version 2.2.12 fixing moderate security issue and other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
8.8CVSS
8.2AI Score
0.003EPSS
Wireshark 2.6.x < 2.6.6 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is 2.6.x prior to 2.6.6. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: 6LoWPAN P_MUL RTSE ISAKMP An attacker could cause Wireshark to crash by injecting...
5.5CVSS
6.1AI Score
0.004EPSS
ManageEngine OpManager XSS (CVE-2024-36038)
A cross-side scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. A attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus...
6.3CVSS
6.5AI Score
0.0004EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Debian DSA-4401-1 : wordpress - security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by...
9.8CVSS
7.1AI Score
0.956EPSS
Golang < 1.21.11, 1.22.x < 1.22.4 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.21.11 or 1.22.x prior to 1.22.4. It is, therefore, is affected by multiple vulnerabilities: archive/zip: mishandling of corrupt central directory record allows for the insertion of code and contents depending on the...
9.8CVSS
7.8AI Score
0.001EPSS
Debian DLA-1699-1 : ldb security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...
6.5CVSS
6AI Score
0.007EPSS
Debian DLA-1693-1 : gpac security update
Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all buffer overflows in different functions all over the package. For Debian 8 'Jessie', these problems have been fixed in version...
7.8CVSS
8.3AI Score
0.002EPSS
Debian DSA-3531-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling...
8.8CVSS
9.5AI Score
0.289EPSS
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
4.3CVSS
6.9AI Score
0.0004EPSS
Fedora 28 : gnutls (2019-1a0d4443f8)
Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
5.6CVSS
5.4AI Score
0.0005EPSS
Debian DSA-4389-1 : libu2f-host - security update
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM.....
6.8CVSS
7.3AI Score
0.002EPSS
5.5CVSS
8.2AI Score
0.0004EPSS
5.5CVSS
6.5AI Score
0.009EPSS
7.8CVSS
8.2AI Score
0.0004EPSS
Debian DLA-1633-1 : sqlite3 security update
Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of.....
9.8CVSS
10AI Score
0.023EPSS
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies,...
9.1CVSS
8AI Score
0.973EPSS
Debian DSA-4397-1 : ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of...
6.5CVSS
6AI Score
0.007EPSS
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5560-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5560-2 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...
7.8CVSS
8.6AI Score
0.01EPSS
7.8CVSS
7.5AI Score
0.001EPSS
Debian DSA-4415-1 : passenger - security update
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...
4.7CVSS
4.8AI Score
0.001EPSS
Debian DLA-1717-1 : rdflib security update
The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...
9.8CVSS
9.5AI Score
0.004EPSS
openSUSE Security Update : pdns-recursor (openSUSE-2019-100)
This update for pdns-recursor fixes the following issues : CVE-2019-3807: Fixed insufficient validation of DNSSEC signatures...
9.8CVSS
6.9AI Score
0.002EPSS