9.8CVSS
9.7AI Score
0.01EPSS
9.8CVSS
9.7AI Score
0.01EPSS
8.1CVSS
8.8AI Score
0.002EPSS
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...
9.8CVSS
8AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...
7.7AI Score
EPSS
OVAL Windows Compliance Checks
Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...
1.5AI Score
Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...
1.2AI Score
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...
8.1CVSS
8AI Score
0.0004EPSS
Debian DSA-4396-1 : ansible - security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...
7.8CVSS
6.8AI Score
0.003EPSS
Debian DLA-1703-1 : jackson-databind security update
Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...
9.8CVSS
9.8AI Score
0.049EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...
6.5CVSS
8AI Score
0.001EPSS
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
7.5CVSS
7.4AI Score
0.013EPSS
6.5CVSS
7AI Score
0.005EPSS
9.8CVSS
9.6AI Score
0.964EPSS
4.7CVSS
5.3AI Score
0.0004EPSS
Debian DLA-1702-1 : advancecomp security update
Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities. CVE-2018-1056 Joonun Jang discovered that the advzip tool was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial of service (application crash) or other unspecified...
7.8CVSS
7.3AI Score
0.001EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...
8.8CVSS
8.6AI Score
0.024EPSS
9.8CVSS
9.1AI Score
0.004EPSS
7.8CVSS
8AI Score
0.002EPSS
Debian DLA-1682-1 : uriparser security update
Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. '//[::44.1', were possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......
9.8CVSS
9.6AI Score
0.003EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...
7.8CVSS
7.6AI Score
EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...
6.1CVSS
7.5AI Score
0.007EPSS
Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...
8.8CVSS
8.9AI Score
0.007EPSS
Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)
According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
3.8CVSS
4.2AI Score
0.0004EPSS
GLSA-201903-09 : GNU C Library: Arbitrary descriptor allocation
The remote host is affected by the vulnerability described in GLSA-201903-09 (GNU C Library: Arbitrary descriptor allocation) A vulnerability was discovered in the GNU C Library functions xdr_bytes and xdr_string. Impact : A remote attacker, by sending a crafted UDP packet, could cause a...
7.5CVSS
6.5AI Score
0.006EPSS
Debian DLA-1699-1 : ldb security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...
6.5CVSS
6AI Score
0.007EPSS
Debian DLA-1693-1 : gpac security update
Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all buffer overflows in different functions all over the package. For Debian 8 'Jessie', these problems have been fixed in version...
7.8CVSS
8.3AI Score
0.002EPSS
Debian DSA-3531-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling...
8.8CVSS
9.5AI Score
0.043EPSS
Debian DLA-1651-1 : libgd2 security update
Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....
9.8CVSS
9.3AI Score
0.714EPSS
7.5CVSS
6.8AI Score
0.006EPSS
Debian DSA-4407-1 : xmltooling - security update
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...
7.5CVSS
7.4AI Score
0.026EPSS
Debian DLA-1653-1 : postgis security update
It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or possibly other unspecified behaviour. For Debian 8 'Jessie', this...
7.5CVSS
7.7AI Score
0.005EPSS
GLSA-201903-15 : NTP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition,...
7.5CVSS
8.1AI Score
0.034EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...
8.5AI Score
0.0004EPSS
Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by an information disclosure vulnerability due to webhook events being sent improperly due to issues in the related JQL...
5.9CVSS
5.7AI Score
0.004EPSS
7.8CVSS
7.5AI Score
0.002EPSS
Debian DSA-4385-1 : dovecot - security update
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else.....
7.7CVSS
6.2AI Score
0.002EPSS
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...
7.8CVSS
8.3AI Score
0.01EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory. Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the...
7.8CVSS
8.3AI Score
0.01EPSS
Debian dsa-5715 : composer - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] ...
8.8CVSS
9.6AI Score
0.0004EPSS
RHEL 6 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcs: Cross-Site Request Forgery in web UI (CVE-2016-0720) Session fixation vulnerability in pcsd in pcs...
5.3CVSS
7.5AI Score
0.005EPSS
7.8CVSS
7.5AI Score
0.003EPSS
Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)
Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...
7.5CVSS
6.9AI Score
0.0004EPSS
ZZZCMS 1.6.1 - Remote Code Execution
ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert...
7.2CVSS
7.5AI Score
0.024EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4shell-finder - Fastest file system scanner for log4j...
8AI Score
GLSA-201903-01 : Keepalived: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-01 (Keepalived: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially...
9.8CVSS
7.4AI Score
0.013EPSS
Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.8AI Score
0.001EPSS
Debian dsa-5718 : elpa-org - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5718-1 [email protected] ...
7.3AI Score
0.0004EPSS
Debian DLA-1644-1 : policykit-1 security update
Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...
8.8CVSS
7.8AI Score
0.006EPSS