8.8CVSS
8.8AI Score
0.379EPSS
9.8CVSS
8.9AI Score
0.028EPSS
7.8CVSS
6.8AI Score
0.032EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : snapd vulnerability (USN-4728-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4728-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.3CVSS
9.2AI Score
0.0004EPSS
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
7.8CVSS
6.7AI Score
0.006EPSS
9.8CVSS
9.6AI Score
0.013EPSS
7.5CVSS
7.9AI Score
0.57EPSS
6.5CVSS
7.4AI Score
0.003EPSS
7.5CVSS
7.8AI Score
0.003EPSS
9.8CVSS
9AI Score
0.823EPSS
4.7CVSS
6.3AI Score
0.001EPSS
7.5CVSS
6.6AI Score
0.088EPSS
In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca...
7.1AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.007EPSS
9.8CVSS
9.8AI Score
0.161EPSS
Debian DSA-4382-1 : rssh - security update
Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of...
9.8CVSS
9.8AI Score
0.019EPSS
5.3CVSS
5.8AI Score
0.001EPSS
8.8CVSS
8.1AI Score
0.003EPSS
9.8CVSS
7.3AI Score
0.007EPSS
Dell Client BIOS Incorrect Authorization (DSA-2024-122)
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. Note that Nessus has not tested for this issue but has instead relied.....
6.8CVSS
6.7AI Score
0.0004EPSS
9.8CVSS
7.2AI Score
0.01EPSS
9.8CVSS
8.5AI Score
0.02EPSS
9.8CVSS
7.2AI Score
0.01EPSS
Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...
9CVSS
9.6AI Score
0.001EPSS
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.7CVSS
8.1AI Score
0.024EPSS
Debian DLA-1662-1 : libthrift-java security update
It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...
7.5CVSS
7.6AI Score
0.002EPSS
Debian DLA-1659-1 : drupal7 security update
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...
9.8CVSS
9.7AI Score
0.921EPSS
Debian DLA-1656-1 : agg security update
A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Since AGG only provides a static library, the desmume and exactimage packages were rebuilt against the latest security update. For...
8.8CVSS
9AI Score
0.003EPSS
Debian DSA-4379-1 : golang-1.7 - security update
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell...
8.8CVSS
8.5AI Score
0.379EPSS
Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)
The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...
7.5CVSS
7.7AI Score
0.001EPSS
5.9CVSS
7.1AI Score
0.946EPSS
7.5CVSS
8.1AI Score
0.717EPSS
GLSA-202406-02 : Flatpak: Sandbox Escape
The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
8.4CVSS
7.1AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4shell-finder - Fastest file system scanner for log4j...
8AI Score
9.1CVSS
8AI Score
0.013EPSS
9.8CVSS
8.8AI Score
0.014EPSS
7.5CVSS
7.7AI Score
0.784EPSS
9.8CVSS
9AI Score
0.023EPSS
8.8CVSS
9AI Score
0.009EPSS
7.5CVSS
7.8AI Score
0.004EPSS
Debian DLA-1649-1 : spice security update
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...
7.5CVSS
7.8AI Score
0.003EPSS
Debian DLA-1661-1 : mumble security update
It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...
7.5CVSS
7.4AI Score
0.036EPSS
Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
6.5CVSS
6.5AI Score
0.003EPSS
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author....
6.4CVSS
5.9AI Score
0.0004EPSS
6.5CVSS
7.2AI Score
0.006EPSS
6.5CVSS
7.8AI Score
0.007EPSS
9.8CVSS
8.9AI Score
0.028EPSS
4.7CVSS
6.3AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...
9.8CVSS
10AI Score
0.518EPSS