IID, Inc. Security Vulnerabilities

nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

7.8 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

9.8 CVSS

7.5 AI Score

0.002 EPSS

2024-06-22 12:00 AM
nessus

Debian DSA-4378-1 : php-pear - security update

Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary...

8.8 CVSS

8.7 AI Score

0.007 EPSS

2019-01-31 12:00 AM
12
nessus

Dell Client BIOS DoS (DSA-2024-168)

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...

4.7 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-21 12:00 AM
nessus

Photon OS 1.0: Freetype2 PHSA-2017-0015

An update of the freetype2 package has been...

9.8 CVSS

9.6 AI Score

0.014 EPSS

2019-02-07 12:00 AM
26
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...

7.8 CVSS

7.6 AI Score

EPSS

2024-05-07 12:00 AM
21
nessus

Photon OS 1.0: Ntp PHSA-2018-1.0-0167

An update of the ntp package has been...

7.5 CVSS

8.1 AI Score

0.717 EPSS

2019-02-07 12:00 AM
26
nessus

Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)

An update of the openssl package has been...

5.9 CVSS

7.1 AI Score

0.946 EPSS

2019-02-07 12:00 AM
23
nessus

Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...

9.8 CVSS

10 AI Score

0.518 EPSS

2024-06-13 12:00 AM
1
nessus

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-06-26 12:00 AM
1
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to...

8.8 CVSS

7.9 AI Score

0.003 EPSS

2024-06-26 12:00 AM
3
nessus

Slackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2019-011-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

9.8 CVSS

9 AI Score

0.006 EPSS

2019-01-14 12:00 AM
29
nessus

Debian DLA-1632-1 : libsndfile security update

A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled sound. This flaw might be triggered by remote attackers to cause denial of service (out of bounds read and application crash). For Debian 8 'Jessie', this problem has...

6.5 CVSS

5.7 AI Score

0.002 EPSS

2019-01-11 12:00 AM
13
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...

8.5 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

Photon OS 1.0: Binutils PHSA-2017-1.0-0095

An update of the binutils package has been...

7.8 CVSS

6.8 AI Score

0.006 EPSS

2019-02-07 12:00 AM
9
nessus

Photon OS 2.0: Glib PHSA-2018-2.0-0108

An update of the glib package has been...

9.8 CVSS

9 AI Score

0.023 EPSS

2019-02-07 12:00 AM
11
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0011-(a)

An update of the glibc package has been...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2019-02-07 12:00 AM
18
nessus

Photon OS 1.0: Curl PHSA-2018-1.0-0108

An update of the curl package has been...

9.8 CVSS

7.8 AI Score

0.037 EPSS

2019-02-07 12:00 AM
14
nessus

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in....

9.8 CVSS

8.3 AI Score

0.921 EPSS

2019-02-20 12:00 AM
58
nessus

Debian DLA-1681-1 : gsoap security update

It was discovered that there was a denial of service vulnerability in gsoap a C/C++ language binding used for SOAP-based web services. For Debian 8 'Jessie', this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert...

8.1 CVSS

8 AI Score

0.002 EPSS

2019-02-19 12:00 AM
24
nessus

Photon OS 1.0: Python3 PHSA-2018-1.0-0178

An update of the python3 package has been...

7.5 CVSS

6.9 AI Score

0.006 EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 1.0: Python2 PHSA-2018-1.0-0178

An update of the python2 package has been...

7.5 CVSS

6.9 AI Score

0.006 EPSS

2019-02-07 12:00 AM
7
nessus

Photon OS 2.0: Unzip PHSA-2019-2.0-0126

An update of the unzip package has been...

5.5 CVSS

5.3 AI Score

0.001 EPSS

2019-02-07 12:00 AM
18
nessus

Photon OS 1.0: Strongswan PHSA-2018-1.0-0164

An update of the strongswan package has been...

6.5 CVSS

7.2 AI Score

0.006 EPSS

2019-02-07 12:00 AM
9
nessus

Photon OS 1.0: Glibc PHSA-2018-1.0-0098-(a)

An update of the glibc package has been...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 1.0: Go PHSA-2018-1.0-0123

An update of the go package has been...

8.8 CVSS

8.8 AI Score

0.379 EPSS

2019-02-07 12:00 AM
8
nessus

Photon OS 1.0: Librelp PHSA-2018-1.0-0129

An update of the librelp package has been...

9.8 CVSS

9.8 AI Score

0.39 EPSS

2019-02-07 12:00 AM
17
nvd

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...

5.3 CVSS

5.2 AI Score

0.0004 EPSS

2024-04-09 07:15 PM
1
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...

6.1 CVSS

7.5 AI Score

0.007 EPSS

2024-06-26 12:00 AM
1
nessus

GLSA-202406-04 : LZ4: Memory Corruption

The remote host is affected by the vulnerability described in GLSA-202406-04 (LZ4: Memory Corruption) An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an...

9.8 CVSS

7.1 AI Score

0.001 EPSS

2024-06-22 12:00 AM
3
nessus

Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-174-01)

The version of emacs installed on the remote host is prior to 29.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-174-01 advisory. New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.3 AI Score

2024-06-22 12:00 AM
2
nessus

Debian DLA-1658-1 : phpmyadmin security update

A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin...

6.5 CVSS

7 AI Score

0.307 EPSS

2019-02-04 12:00 AM
40
nessus

Debian DSA-4394-1 : rdesktop - security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary...

9.8 CVSS

9.5 AI Score

0.141 EPSS

2019-02-19 12:00 AM
47
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS vulnerability (USN-6844-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-1 advisory. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the...

4.4 CVSS

9.6 AI Score

0.0004 EPSS

2024-06-24 12:00 AM
2
malwarebytes

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

7.1 AI Score

2024-04-25 02:05 PM
11
openvas

HESK Multiple XSS Vulnerabilities

HESK is prone to multiple cross-site scripting...

6.1 AI Score

0.001 EPSS

2011-08-10 12:00 AM
36
nessus

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

9.8 CVSS

7.6 AI Score

0.15 EPSS

2019-02-07 12:00 AM
27
nessus

Debian DSA-4396-1 : ansible - security update

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...

7.8 CVSS

6.8 AI Score

0.003 EPSS

2019-02-20 12:00 AM
63
nessus

Debian DSA-4377-1 : rssh - security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
14
nessus

Debian DLA-1650-1 : rssh security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
38
nessus

Debian DLA-1692-1 : phpmyadmin security update

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker.....

5.9 CVSS

5.8 AI Score

0.152 EPSS

2019-02-28 12:00 AM
12
nessus

Debian DLA-1686-1 : freedink-dfarc security update

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the user's system. For Debian 8 'Jessie', this problem has been fixed in version 3.12-1+deb8u1......

7.5 CVSS

7.5 AI Score

0.003 EPSS

2019-02-25 12:00 AM
9
nessus

Debian DSA-2929-1 : ruby-actionpack-3.2 - security update

Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails. CVE-2014-0081 actionview/lib/action_view/helpers/number_helper.rb contains multiple cross-site scripting vulnerabilities CVE-2014-0082 actionpack/lib/action_view/template/text.rb performs ...

6.6 AI Score

0.029 EPSS

2014-05-19 12:00 AM
26
nessus

Debian DLA-1703-1 : jackson-databind security update

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...

9.8 CVSS

9.8 AI Score

0.049 EPSS

2019-03-05 12:00 AM
20
nessus

Photon OS 1.0: Openjdk PHSA-2016-0015

An update of the openjdk package has been...

9.6 CVSS

8.7 AI Score

0.009 EPSS

2019-02-07 12:00 AM
35
nessus

GLSA-201903-11 : XRootD: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201903-11 (XRootD: Remote code execution) A shell command injection was discovered in XRootD. Impact : A remote attacker could execute arbitrary code. Workaround : There is no known workaround at this...

9.8 CVSS

10 AI Score

0.036 EPSS

2019-03-14 12:00 AM
8
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8 CVSS

8.1 AI Score

0.005 EPSS

2019-02-07 12:00 AM
13
nessus

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4 CVSS

8.4 AI Score

0.0005 EPSS

2023-09-15 12:00 AM
10
nessus

Debian DSA-4384-1 : libgd2 - security update

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is...

9.8 CVSS

9.7 AI Score

0.714 EPSS

2019-02-05 12:00 AM
47
nessus

VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8 CVSS

7 AI Score

0.001 EPSS

2022-02-18 12:00 AM
27
Total number of security vulnerabilities: 288682