Fedora 28 : moodle (2018-f4910a3260)
CVE-2018-16854 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
8.8CVSS
7.5AI Score
0.009EPSS
Fedora 28 : glusterfs (2018-d873767641)
4.1.1 GA, security fix for CVE-2018-10841 4.1.0 GA
8.8CVSS
7.6AI Score
0.002EPSS
Fedora 28 : 1:libvorbis (2018-def329f680)
libvorbis 1.3.6. Fixes CVE-2018-5146.
8.8CVSS
8AI Score
0.38EPSS
Fedora 29 : 1:gitolite3 (2018-d0bac4ff3b)
3.6.9
8.1CVSS
8AI Score
0.001EPSS
Fedora 28 : setup (2018-f47268acd5)
don't list nologin in /etc/shells (#1378893)
5.3CVSS
5.5AI Score
0.001EPSS
Fedora 28 : libsoup (2018-fb2afee474)
This update backports an upstream fix for CVE-2018-12910.
9.8CVSS
8.8AI Score
0.006EPSS
Fedora 29 : rubygem-loofah (2018-d5fcbb9ca6)
Update to Loofah 2.2.3.
5.4CVSS
6AI Score
0.001EPSS
Fedora 29 : exempi (2018-d8824aeec5)
Fix for CVE-2018-12648.
7.5CVSS
7.5AI Score
0.003EPSS
Fedora 28 : nettle (2018-f7d9989c42)
Security fix for CVE-2018-16869
5.7CVSS
5.6AI Score
0.001EPSS
GLSA-201903-06 : rdesktop: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-06 (rdesktop: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in rdesktop. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of...
9.8CVSS
9.8AI Score
0.141EPSS
GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201903-02 (Zsh: User-assisted execution of arbitrary code) Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the...
9.8CVSS
8.3AI Score
0.007EPSS
Debian DSA-463-1 : samba - privilege escalation
Samba, a LanManager-like file and printer server for Unix, was found to contain a vulnerability whereby a local user could use the 'smbmnt' utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could.....
6.8AI Score
0.0004EPSS
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 Identity Spoofing (7158031)
The version of IBM WebSphere Application Server running on the remote host is affected by an identity spoofing vulnerability as referenced in the 7158031 advisory. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature...
8.8CVSS
8.6AI Score
0.0004EPSS
Fedora 28 : bouncycastle (2018-e6894349c9)
Security fix for CVE-2018-1000613
9.8CVSS
8.7AI Score
0.006EPSS
Fedora 28 : dnsdist (2018-ef486b9e50)
Security fix for CVE-2018-14663
5.9CVSS
6.1AI Score
0.002EPSS
Fedora 28 : wesnoth (2018-dc339c6534)
Fix for CVE-2018-1999023, other bugfixes.
8.8CVSS
8.7AI Score
0.002EPSS
Fedora 28 : slurm (2018-d54c4f6452)
Security fix for CVE-2018-10995
5.3CVSS
7.5AI Score
0.003EPSS
Fedora 29 : python2 (2018-ee97fc9e81)
Security fix for CVE-2018-14647
7.5CVSS
7AI Score
0.006EPSS
Fedora 28 : ntp (2018-e585e25b72)
Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170.
5.3CVSS
8AI Score
0.034EPSS
Fedora 28 : elfutils (2018-f91531043d)
DWARF5 and split dwarf, including GNU DebugFission, support.
7.8CVSS
7.6AI Score
0.001EPSS
Fedora 28 : 1:gitolite3 (2018-dc060c6f2a)
3.6.9
8.1CVSS
8AI Score
0.001EPSS
Fedora 28 : rubygem-loofah (2018-d716df9942)
XSS when a crafted SVG element is republished (CVE-2018-16468).
5.4CVSS
5.7AI Score
0.001EPSS
Fedora 28 : libidn (2018-f749c70191)
Update to the latest upstream release, which fixes CVE-2017-14062.
9.8CVSS
9.9AI Score
0.006EPSS
Fedora 28 : soundtouch (2018-f4f75985b8)
Security fix for CVE-2018-14044, CVE-2018-14045 and CVE-2018-1000223
8.8CVSS
8.2AI Score
0.002EPSS
Fedora 29 : gettext (2018-d6211abfb0)
fix CVE-2018-18751 (rhbz#1647044), move gettextize man to correct subpackage
9.8CVSS
9.7AI Score
0.027EPSS
Fedora 29 : liblouis (2018-e470c7f387)
Security fix for CVE-2018-17294
6.5CVSS
6.8AI Score
0.002EPSS
Debian DLA-1687-1 : sox security update
Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package. For Debian 8 'Jessie', this problem has been fixed in version 14.4.1-5+deb8u1. We recommend that you upgrade your sox packages. NOTE: Tenable Network Security has...
5.5AI Score
0.019EPSS
Debian DLA-1691-1 : exiv2 security update
Several issues have been found in exiv2, an EXIF/IPTC/XMP metadata manipulation tool. CVE-2018-17581 A stack overflow due to a recursive function call causing excessive stack consumption which leads to denial of service. CVE-2018-19107 A heap based buffer over-read caused by an integer overflow...
6.5CVSS
7.6AI Score
0.009EPSS
Johnson Controls Illustra Essentials Gen 4
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...
7.1AI Score
EPSS
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95975)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95975 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...
6.5AI Score
0.0004EPSS
Fedora 29 : mod_perl (2018-f6a5b71464)
This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code execution in the context of the httpd server) by disabling sections in non-server-level configuration.
9.8CVSS
9.7AI Score
0.008EPSS
Fedora 28 : ruby (2018-dd8162c004)
Rebase to Ruby 2.5.1. Several CVE fixes. Conflict requirement needs to generate dependency. Stop using --with-setjmp-type=setjmp on aarch64.
9.1CVSS
7.2AI Score
0.007EPSS
IBM DB2 DoS (7145726) (Windows)
According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service by an authenticated user using a specially crafted query. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
5.3CVSS
5.2AI Score
0.0004EPSS
Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...
8.8CVSS
8.9AI Score
0.007EPSS
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....
9.1CVSS
9.6AI Score
0.0004EPSS
Google Chrome < 126.0.6478.126 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...
6.8AI Score
0.0004EPSS
Google Chrome < 126.0.6478.114 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...
8.8CVSS
9.4AI Score
0.001EPSS
The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14007 advisory. The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in...
7.7CVSS
7.9AI Score
0.002EPSS
GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2191)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge...
5.3CVSS
5.5AI Score
0.0005EPSS
GitLab 1.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4557)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...
6.5CVSS
6.6AI Score
0.0004EPSS
Fedora 28 : mingw-nettle (2019-01afc2352f)
Resolves CVE-2018-16869
5.7CVSS
5.6AI Score
0.001EPSS
Ivanti Endpoint Manager < 2022 (CVE-2024-22058)
The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...
7.8CVSS
8.2AI Score
0.0004EPSS
Debian DSA-4367-1 : systemd - security update
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocations using the alloca function (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could...
7.8CVSS
7.5AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apport vulnerabilities (USN-5427-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5427-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
6.1AI Score
0.0004EPSS
GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...
5.5CVSS
5.4AI Score
0.0004EPSS
Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL, RTSE, ISAKMP, ENIP. An attacker could cause Wireshark to crash by injecting a...
5.5CVSS
6.1AI Score
0.004EPSS
KB5001028: Windows 10 version 1909 OOB Security Update (Feb 2021)
The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.5AI Score
Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)
A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...
9.8CVSS
7.4AI Score
0.003EPSS
Fedora 28 : krb5 (2019-ac7e19b0c8)
Improve memset hygiene in one location. Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.)
5.3CVSS
5.7AI Score
0.003EPSS
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....
7.1AI Score
EPSS