IID, Inc. Security Vulnerabilities

nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...

8.8CVSS

8.6AI Score

0.024EPSS

2023-12-06 12:00 AM
15
nessus

Fedora 28 : xen (2018-d3cb6f113c)

Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] fix for change in iasl output Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

5.6CVSS

6.5AI Score

0.001EPSS

2019-01-03 12:00 AM
12
nessus

Fedora 29 : icu (2018-db05d9982f)

Security fix for CVE-2018-18928 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS

9.5AI Score

0.003EPSS

2019-01-03 12:00 AM
6
nessus

Fedora 29 : udisks2 (2018-f0ce9a3a35)

Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.8CVSS

7.8AI Score

0.001EPSS

2019-01-03 12:00 AM
8
nessus

Fedora 28 : libcgroup (2018-f6adf1cb62)

Fix for CVE-2018-14348. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.1CVSS

8.1AI Score

0.002EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : vcftools (2018-ea05fcd378)

Update to latest upstream release 0.1.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.8CVSS

6.6AI Score

0.01EPSS

2019-01-03 12:00 AM
8
nessus

Fedora 29 : adplug (2018-de3a0ba76e)

Fix double-free in CEmuopl::~CEmuopl() (#1635881, CVE-2018-17825) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8CVSS

9.5AI Score

0.007EPSS

2019-01-03 12:00 AM
12
nessus

Fedora 28 : glusterfs (2018-e048a4ef13)

Security fix for CVE-2018-1088 (Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

8.1CVSS

8.1AI Score

0.008EPSS

2019-01-03 12:00 AM
12
nessus

Fedora 29 : mosquitto (2018-f80b495582)

Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.5CVSS

7.6AI Score

0.002EPSS

2019-01-03 12:00 AM
9
nessus

KB5011490: Windows 10 version 17784 / Azure Stack HCI Security Update (March 2022)

The remote Windows host is missing security update 5011490. It is, therefore, missing multiple undisclosed security improvements to internal...

7.5AI Score

2022-03-08 12:00 AM
10
nessus

Debian DLA-1690-1 : liblivemedia security update

Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET....

9.8CVSS

10AI Score

0.026EPSS

2019-02-27 12:00 AM
5
nessus

Debian DLA-1671-1 : coturn security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily...

9.8CVSS

9.6AI Score

0.003EPSS

2019-02-12 12:00 AM
44
nessus

Debian DLA-1704-1 : nss security update

Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack CVE-2018-18508 NULL pointer dereference in several CMS functions resulting in a denial of service For Debian 8 'Jessie', these problems.....

6.5CVSS

7.3AI Score

0.102EPSS

2019-03-05 12:00 AM
14
nessus

Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL RTSE ISAKMP ENIP An attacker could cause Wireshark to crash by injecting a...

5.5CVSS

6.1AI Score

0.004EPSS

2019-01-11 12:00 AM
33
nessus

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. Debian LTS Advisory DLA-3846-1 [email protected] ...

6.5AI Score

0.0004EPSS

2024-06-30 12:00 AM
nessus

Debian dsa-5718 : elpa-org - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. Debian Security Advisory DSA-5718-1 [email protected] ...

7.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus

Debian DLA-1644-1 : policykit-1 security update

Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...

8.8CVSS

7.8AI Score

0.006EPSS

2019-01-29 12:00 AM
12
nessus

Wireshark 2.6.x < 2.6.6 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is 2.6.x prior to 2.6.6. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: 6LoWPAN P_MUL RTSE ISAKMP An attacker could cause Wireshark to crash by injecting a...

5.5CVSS

6.2AI Score

0.004EPSS

2019-01-11 12:00 AM
22
nessus

GitLab 16.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3115)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-06-27 12:00 AM
nessus

Fedora 29 : gnupg2 (2019-75a8da28f0)

Minor update to upstream version 2.2.12 fixing moderate security issue and other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

8.8CVSS

8.2AI Score

0.003EPSS

2019-01-14 12:00 AM
41
nessus

Wireshark 2.6.x < 2.6.6 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is 2.6.x prior to 2.6.6. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: 6LoWPAN P_MUL RTSE ISAKMP An attacker could cause Wireshark to crash by injecting...

5.5CVSS

6.1AI Score

0.004EPSS

2019-01-11 12:00 AM
24
nessus

ManageEngine OpManager XSS (CVE-2024-36038)

A cross-site scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. An attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-06-27 12:00 AM
1
nessus

Golang < 1.21.11, 1.22.x < 1.22.4 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.21.11 or 1.22.x prior to 1.22.4. It is, therefore, affected by multiple vulnerabilities: archive/zip: mishandling of corrupt central directory record allows for the insertion of code and contents depending on the...

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-07 12:00 AM
4
nessus

Debian DLA-1699-1 : ldb security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, an LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...

6.5CVSS

6AI Score

0.007EPSS

2019-03-01 12:00 AM
10
nessus

Debian DLA-1693-1 : gpac security update

Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all buffer overflows in different functions all over the package. For Debian 8 'Jessie', these problems have been fixed in version...

7.8CVSS

8.3AI Score

0.002EPSS

2019-02-28 12:00 AM
12
nessus

Debian DSA-3531-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling...

8.8CVSS

9.5AI Score

0.289EPSS

2016-03-28 12:00 AM
17
nessus

Debian DSA-3558-1 : openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information...

9.8CVSS

8.1AI Score

0.49EPSS

2016-04-27 12:00 AM
28
nessus

Photon OS 2.0: Linux PHSA-2018-2.0-0073

An update of the linux package has been...

5.5CVSS

8.2AI Score

0.0004EPSS

2019-02-07 12:00 AM
7
nessus

Photon OS 1.0: Binutils PHSA-2018-1.0-0154

An update of the binutils package has been...

5.5CVSS

6.5AI Score

0.009EPSS

2019-02-07 12:00 AM
20
nessus

Fedora 28 : gnutls (2019-1a0d4443f8)

Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.6CVSS

5.4AI Score

0.0005EPSS

2019-01-15 12:00 AM
11
nessus

Photon OS 1.0: Linux PHSA-2017-0028

An update of the linux package has been...

7.8CVSS

8.2AI Score

0.0004EPSS

2019-02-07 12:00 AM
65
nessus

Debian DSA-4389-1 : libu2f-host - security update

Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM.....

6.8CVSS

7.3AI Score

0.002EPSS

2019-02-12 12:00 AM
21
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5562-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5562-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw...

7.8CVSS

8.3AI Score

0.01EPSS

2022-08-10 12:00 AM
147
nessus

Debian DSA-4397-1 : ldb - security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, an LDAP-like embedded database, resulting in denial of...

6.5CVSS

6AI Score

0.007EPSS

2019-03-01 12:00 AM
10
nessus

Debian DSA-4415-1 : passenger - security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...

4.7CVSS

4.8AI Score

0.001EPSS

2019-03-25 12:00 AM
15
nessus

Debian DLA-1717-1 : rdflib security update

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...

9.8CVSS

9.5AI Score

0.004EPSS

2019-03-19 12:00 AM
10
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
5
nessus

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5560-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5560-2 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...

7.8CVSS

8.6AI Score

0.01EPSS

2022-08-10 12:00 AM
32
nessus

Photon OS 1.0: Linux PHSA-2017-0019

An update of the linux package has been...

7.8CVSS

7.5AI Score

0.001EPSS

2019-02-07 12:00 AM
14
nessus

openSUSE Security Update : pdns-recursor (openSUSE-2019-100)

This update for pdns-recursor fixes the following issues : CVE-2019-3807: Fixed insufficient validation of DNSSEC signatures...

9.8CVSS

6.9AI Score

0.002EPSS

2019-01-30 12:00 AM
11
nessus

Fedora 29 : lua (2019-ee57bda7ae)

Security fix for CVE-2019-6706. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5CVSS

7.7AI Score

0.03EPSS

2019-01-30 12:00 AM
24
nessus

Debian DSA-4700-1 : roundcube - security update

Matei Badanoiu and LoRexxar@knownsec discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Site Scripting (XSS) attack leading to the execution of arbitrary...

6.1CVSS

6.4AI Score

0.056EPSS

2020-06-12 12:00 AM
13
nessus

Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by an information disclosure vulnerability due to webhook events being sent improperly due to issues in the related JQL...

5.9CVSS

5.7AI Score

0.004EPSS

2019-03-05 12:00 AM
8
nessus

Debian DSA-4412-1 : drupal7 - security update

It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For additional information, please refer to the upstream advisory at...

5.4CVSS

5.7AI Score

0.682EPSS

2019-03-25 12:00 AM
15
nessus

Kibana 8.0.x < 8.12.1 (ESA-2024-01)

The version of Kibana installed on the remote host is prior to 8.12.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-01 advisory. An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-02-09 12:00 AM
28
nessus

RHEL 6 : vertx-core (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) Note that...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-06-19 12:00 AM
1
nessus

Slackware 14.0 / 14.1 / 14.2 / current : infozip (SSA:2019-060-01)

New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

7.8CVSS

6.9AI Score

0.012EPSS

2019-03-04 12:00 AM
18
nessus

RHEL 7 : spice (RHSA-2019:0231)

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS

7.7AI Score

0.003EPSS

2019-02-01 12:00 AM
35
nessus

RHEL 6 : spice-server (RHSA-2019:0232)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.....

7.5CVSS

7.7AI Score

0.003EPSS

2019-02-01 12:00 AM
22
nessus

Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2019-067-01)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security...

7.5CVSS

7.7AI Score

0.008EPSS

2019-03-11 12:00 AM
11
Total number of security vulnerabilities: 288682