7.8CVSS
6.6AI Score
0.0004EPSS
5.5CVSS
8.2AI Score
0.0004EPSS
Debian DLA-1683-1 : rdesktop security update
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...
9.8CVSS
10AI Score
0.141EPSS
VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
6.9AI Score
0.001EPSS
Debian DSA-4384-1 : libgd2 - security update
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is...
9.8CVSS
9.7AI Score
0.714EPSS
Ubuntu 18.10 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3878-1)
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...
8.8CVSS
7.3AI Score
0.001EPSS
Debian DLA-1668-1 : libarchive security update
Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...
6.5CVSS
8.3AI Score
0.012EPSS
Docker Desktop < 4.5.0 Incorrect Access Control
The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
8.4CVSS
8.4AI Score
0.0005EPSS
8.8CVSS
8.1AI Score
0.005EPSS
Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)
The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, is affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.8CVSS
9.9AI Score
0.0004EPSS
9.8CVSS
8.5AI Score
0.02EPSS
7.5CVSS
6.7AI Score
0.084EPSS
5.3CVSS
6.3AI Score
0.024EPSS
Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)
The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...
4.9CVSS
6.9AI Score
0.0004EPSS
Debian DSA-4373-1 : coturn - security update
Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...
9.8CVSS
9.2AI Score
0.003EPSS
VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)
The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by an denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...
5.3CVSS
7.1AI Score
0.001EPSS
Debian DLA-1681-1 : gsoap security update
It was discovered that there was a denial of service vulnerability in gsoap a C/C++ language binding used for SOAP-based web services. For Debian 8 'Jessie', this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert...
8.1CVSS
8AI Score
0.002EPSS
Debian DSA-4402-1 : mumble - security update
It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of...
7.5CVSS
7.3AI Score
0.036EPSS
Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2900-1)
It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has....
8.1CVSS
8.7AI Score
0.974EPSS
Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)
New openssl packages are available for Slackware 14.2 to fix a security...
5.9CVSS
6.6AI Score
0.01EPSS
7.3AI Score
7.5CVSS
7.6AI Score
0.003EPSS
Microsoft Paint 3D Multiple Vulnerabilities (June 2021)
The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...
7.8CVSS
8.4AI Score
0.053EPSS
Dell Client BIOS Improper Input Validation (DSA-2024-167)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...
5.1CVSS
6.6AI Score
0.0004EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
Debian DSA-4400-1 : openssl1.0 - security update
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...
5.9CVSS
6.6AI Score
0.01EPSS
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6549-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-4 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...
8.8CVSS
8.5AI Score
0.024EPSS
Debian DSA-4396-1 : ansible - security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...
7.8CVSS
6.8AI Score
0.003EPSS
6.5CVSS
7AI Score
0.004EPSS
9.8CVSS
7.8AI Score
0.037EPSS
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
8.8CVSS
6.6AI Score
0.001EPSS
Debian DLA-1703-1 : jackson-databind security update
Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...
9.8CVSS
9.8AI Score
0.049EPSS
VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)
The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
7AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.01EPSS
9.8CVSS
9.7AI Score
0.01EPSS
8.1CVSS
8.8AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : MariaDB vulnerability (USN-6839-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6839-1 advisory. A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been...
4.9CVSS
7AI Score
0.0005EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
6.5CVSS
7AI Score
0.005EPSS
9.8CVSS
7.9AI Score
0.016EPSS
4.7CVSS
5.3AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.011EPSS
GLSA-201903-11 : XRootD: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201903-11 (XRootD: Remote code execution) A shell command injection was discovered in XRootD. Impact : A remote attacker could execute arbitrary code. Workaround : There is no known workaround at this...
9.8CVSS
10AI Score
0.036EPSS
Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
6.5CVSS
6.5AI Score
0.003EPSS
Debian DLA-1651-1 : libgd2 security update
Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....
9.8CVSS
9.3AI Score
0.714EPSS
Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)
According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
3.8CVSS
4.2AI Score
0.0004EPSS
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
7.5CVSS
7.4AI Score
0.013EPSS
Debian DLA-1653-1 : postgis security update
It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or possibly other unspecified behaviour. For Debian 8 'Jessie', this...
7.5CVSS
7.7AI Score
0.005EPSS
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...
9.8CVSS
8AI Score
0.002EPSS