IID, Inc. Security Vulnerabilities

nessus

Golang < 1.21.11, 1.22.x < 1.22.4 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.21.11 or 1.22.x prior to 1.22.4. It is, therefore, affected by multiple vulnerabilities: archive/zip: mishandling of corrupt central directory record allows for the insertion of code and contents depending on the...

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-07 12:00 AM
4
nessus

GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-27 12:00 AM
2
nessus

Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL RTSE ISAKMP ENIP An attacker could cause Wireshark to crash by injecting a...

5.5CVSS

6.1AI Score

0.004EPSS

2019-01-11 12:00 AM
21
nessus

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...

8.8CVSS

8.9AI Score

0.007EPSS

2022-04-13 12:00 AM
17
nessus

Fedora 28 : gnutls (2019-1a0d4443f8)

Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.6CVSS

5.4AI Score

0.0005EPSS

2019-01-15 12:00 AM
11
nessus

Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....

9.1CVSS

9.6AI Score

0.0004EPSS

2024-06-26 12:00 AM
4
nessus

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...

6.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
9
nessus

Google Chrome < 126.0.6478.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...

8.8CVSS

9.4AI Score

0.001EPSS

2024-06-18 12:00 AM
22
nessus

Atlassian JIRA Service Desk < 4.20.25 / 5.3.x < 5.4.9 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14007)

The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14007 advisory. The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in...

7.7CVSS

7.9AI Score

0.002EPSS

2023-09-20 12:00 AM
30
nessus

Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)

In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....

7.1AI Score

EPSS

2024-06-14 12:00 AM
18
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apport vulnerabilities (USN-5427-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5427-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

6.1AI Score

0.0004EPSS

2022-05-17 12:00 AM
17
nessus

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0098

An update of the linux package has been...

5.6CVSS

7.3AI Score

0.976EPSS

2019-02-07 12:00 AM
30
nessus

Photon OS 2.0: Binutils PHSA-2019-2.0-0119

An update of the binutils package has been...

6.5CVSS

6.8AI Score

0.004EPSS

2019-02-07 12:00 AM
15
nessus

GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2191)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge...

5.3CVSS

5.5AI Score

0.0005EPSS

2024-06-27 12:00 AM
nessus

GitLab 1.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4557)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-27 12:00 AM
1
nessus

Fedora 28 : mingw-nettle (2019-01afc2352f)

Resolves CVE-2018-16869 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.7CVSS

5.6AI Score

0.001EPSS

2019-01-14 12:00 AM
28
ics

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...

7.1AI Score

EPSS

2024-06-27 12:00 PM
1
nessus

Debian DSA-4367-1 : systemd - security update

The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocations using the alloca function (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could...

7.8CVSS

7.5AI Score

0.0004EPSS

2019-01-14 12:00 AM
27
nessus

Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-062-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

7.5CVSS

8.1AI Score

0.018EPSS

2019-03-04 12:00 AM
14
nessus

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 RCE (2024-000004)

The version of Streamline NX Client installed on the remote host is prior to 3.231.0, 3.4.3.2, 3.5.1.202 or 3.6.2.2. It is, therefore, affected by a vulnerability as referenced in the 2024-000004 advisory. Improper restriction of communication channel to intended endpoints issue exists in Ricoh...

7.5AI Score

0.0004EPSS

2024-06-21 12:00 AM
5
nessus

Fedora 29 : matrix-synapse (2019-4d914f9257)

Fix for CVE-2019-5885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5CVSS

7.6AI Score

0.006EPSS

2019-01-23 12:00 AM
10
nessus

Fedora 28 : openssh (2019-9eb0ae6296)

This update fixes CVE-2018-20685 (the first 'variant'). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.3CVSS

6.7AI Score

0.005EPSS

2019-01-22 12:00 AM
59
nessus

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons ...

6.6AI Score

0.0004EPSS

2024-06-27 12:00 AM
nessus

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158058)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158058 advisory. IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-27 12:00 AM
2
jvn

JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal (CWE-36) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication (CWE-306)...

7.1AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
nessus

Photon OS 1.0: Python3 PHSA-2019-1.0-0212

An update of the python3 package has been...

7.5CVSS

8.9AI Score

0.007EPSS

2019-03-18 12:00 AM
9
nessus

Photon OS 2.0: Curl PHSA-2019-2.0-0131

An update of the curl package has been...

7.5CVSS

7.3AI Score

0.003EPSS

2019-03-18 12:00 AM
9
nessus

Debian DSA-4415-1 : passenger - security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...

4.7CVSS

4.8AI Score

0.001EPSS

2019-03-25 12:00 AM
15
nessus

Debian DLA-1717-1 : rdflib security update

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...

9.8CVSS

9.5AI Score

0.004EPSS

2019-03-19 12:00 AM
10
nessus

GLSA-201903-16 : OpenSSH: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-16 (OpenSSH: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could overwrite arbitrary...

6.8CVSS

7.6AI Score

0.005EPSS

2019-03-21 12:00 AM
32
nessus

Debian DSA-4408-1 : liblivemedia - security update

Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP...

9.8CVSS

9.9AI Score

0.032EPSS

2019-03-19 12:00 AM
10
nessus

Slackware 14.2 / current : libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to fix security...

8.8CVSS

8.2AI Score

0.046EPSS

2019-03-19 12:00 AM
13
nessus

Fedora 29 : lua (2019-ee57bda7ae)

Security fix for CVE-2019-6706. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5CVSS

7.7AI Score

0.03EPSS

2019-01-30 12:00 AM
24
nessus

openSUSE Security Update : pdns-recursor (openSUSE-2019-100)

This update for pdns-recursor fixes the following issues : CVE-2019-3807: Fixed insufficient validation of DNSSEC signatures...

9.8CVSS

6.9AI Score

0.002EPSS

2019-01-30 12:00 AM
11
nessus

Debian DLA-1676-1 : unbound security update

Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or...

5.3CVSS

5.5AI Score

0.004EPSS

2019-02-15 12:00 AM
18
nessus

IBM MQ DoS (7158071)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158071 advisory. IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. (CVE-2024-35116) Note that Nessus has not tested for this issue...

5.9CVSS

6.9AI Score

0.0005EPSS

2024-06-26 12:00 AM
2
nessus

Fedora 29 : mingw-libjpeg-turbo (2019-a018522ba3)

Security fix for CVE-2018-19664 and CVE-2018-20330. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS

7.6AI Score

0.003EPSS

2019-01-23 12:00 AM
17
nessus

Fedora 29 : irssi (2019-a171d0d192)

This is an update fixing CVE-2019-5882. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS

9.5AI Score

0.006EPSS

2019-01-23 12:00 AM
8
nessus

RHEL 7 : spice (RHSA-2019:0231)

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS

7.7AI Score

0.003EPSS

2019-02-01 12:00 AM
35
nessus

RHEL 6 : spice-server (RHSA-2019:0232)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.....

7.5CVSS

7.7AI Score

0.003EPSS

2019-02-01 12:00 AM
22
nessus

Debian DSA-4369-1 : xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor : CVE-2018-19961 / CVE-2018-19962 Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks. CVE-2018-19965 Matthew Daley discovered that...

8.8CVSS

8.4AI Score

0.001EPSS

2019-01-15 12:00 AM
15
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

8AI Score

2021-12-14 10:27 PM
10
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

8AI Score

2021-12-14 10:27 PM
5
nessus

Kibana 8.0.x < 8.12.1 (ESA-2024-01)

The version of Kibana installed on the remote host is prior to 8.12.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-01 advisory. An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document- level security (DLS) or...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-02-09 12:00 AM
28
nessus

GLSA-201903-13 : BIND: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-13 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to...

7.5CVSS

7.6AI Score

0.944EPSS

2019-03-14 12:00 AM
16
nessus

GLSA-201903-03 : cURL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-03 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service...

9.8CVSS

8.6AI Score

0.15EPSS

2019-03-11 12:00 AM
19
nessus

Rockwell Automation ThinManager ThinServer Improper Input Validation (CVE-2024-5990)

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.4, 13.1.x prior to 13.1.2. It is, therefore, affected by an improper input validation...

6.9AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus

Joomla! < 3.9.2 Multiple Stored XSS Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.9.2. It is, therefore, affected by multiple stored XSS vulnerabilities as a result of inadequate escaping in mod_banners and com_contacts, as well as inadequate checks in global...

6.1CVSS

5.9AI Score

0.002EPSS

2019-01-15 12:00 AM
36
nessus

Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2019-067-01)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security...

7.5CVSS

7.7AI Score

0.008EPSS

2019-03-11 12:00 AM
11
Total number of security vulnerabilities: 288682