Debian DLA-1683-1 : rdesktop security update
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...
CVSS 9.8 | AI Score 10 | EPSS 0.141
Dell Client BIOS Improper Input Validation (DSA-2024-167)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...
CVSS 5.1 | AI Score 6.6 | EPSS 0.0004
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-1 advisory. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the...
CVSS 4.4 | AI Score 9.6 | EPSS 0.0004
VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
CVSS 7.8 | AI Score 6.9 | EPSS 0.001
Debian DLA-1668-1 : libarchive security update
Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...
CVSS 6.5 | AI Score 8.3 | EPSS 0.012
Ubuntu 18.10 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3878-1)
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...
CVSS 8.8 | AI Score 7.3 | EPSS 0.001
Docker Desktop < 4.5.0 Incorrect Access Control
The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
CVSS 8.4 | AI Score 8.4 | EPSS 0.0005
Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)
The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVSS 9.8 | AI Score 9.9 | EPSS 0.0004
Debian DLA-1641-1 : mxml security update
Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. CVE-2016-4571 The mxml_write_node function in...
CVSS 8.8 | AI Score 6.5 | EPSS 0.01
Debian DLA-1682-1 : uriparser security update
Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. '//[::44.1', was possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)
The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a...
CVSS 4.9 | AI Score 6.9 | EPSS 0.0004
Debian DLA-1681-1 : gsoap security update
It was discovered that there was a denial of service vulnerability in gsoap, a C/C++ language binding used for SOAP-based web services. For Debian 8 'Jessie', this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert...
CVSS 8.1 | AI Score 8 | EPSS 0.002
Debian DSA-4373-1 : coturn - security update
Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...
CVSS 9.8 | AI Score 9.2 | EPSS 0.003
Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)
According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVSS 3.8 | AI Score 4.2 | EPSS 0.0004
Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)
New openssl packages are available for Slackware 14.2 to fix a security...
CVSS 5.9 | AI Score 6.6 | EPSS 0.01
Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2900-1)
It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has....
CVSS 8.1 | AI Score 8.7 | EPSS 0.974
Debian DLA-1653-1 : postgis security update
It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or possibly other unspecified behaviour. For Debian 8 'Jessie', this...
CVSS 7.5 | AI Score 7.7 | EPSS 0.005
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory. Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the...
CVSS 7.8 | AI Score 8.3 | EPSS 0.01
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
CVSS 8.8 | AI Score 6.6 | EPSS 0.001
Debian DLA-1702-1 : advancecomp security update
Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities. CVE-2018-1056 Joonun Jang discovered that the advzip tool was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial of service (application crash) or other unspecified...
CVSS 7.8 | AI Score 7.3 | EPSS 0.001
Microsoft Paint 3D Multiple Vulnerabilities (June 2021)
The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...
CVSS 7.8 | AI Score 8.4 | EPSS 0.053
Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)
Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...
CVSS 7.5 | AI Score 6.9 | EPSS 0.0004
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
CVSS 8.7 | AI Score 8.1 | EPSS 0.024
Debian DSA-4396-1 : ansible - security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...
CVSS 7.8 | AI Score 6.8 | EPSS 0.003
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
CVSS 5.3 | AI Score 5.4 | EPSS 0.0004
ManageEngine OpManager XSS (CVE-2024-36038)
A cross-site scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. An attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus...
CVSS 6.3 | AI Score 6.5 | EPSS 0.0004
Debian DLA-1703-1 : jackson-databind security update
Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...
CVSS 9.8 | AI Score 9.8 | EPSS 0.049
Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
CVSS 6.5 | AI Score 6.5 | EPSS 0.003
GLSA-201903-11 : XRootD: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201903-11 (XRootD: Remote code execution) A shell command injection was discovered in XRootD. Impact : A remote attacker could execute arbitrary code. Workaround : There is no known workaround at this...
CVSS 9.8 | AI Score 10 | EPSS 0.036
VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)
The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
CVSS 7.8 | AI Score 7 | EPSS 0.001
Debian DSA-4389-1 : libu2f-host - security update
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM.....
CVSS 6.8 | AI Score 7.3 | EPSS 0.002
SolarWinds Serv-U 15.4.2 < 15.4.3
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4.2 HF2. It is, therefore, affected by a vulnerability as referenced in the solarwinds_serv-u_15_4_2_hf_2 advisory. SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to...
CVSS 8.6 | AI Score 7.9 | EPSS 0.343
Debian DLA-1651-1 : libgd2 security update
Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....
CVSS 9.8 | AI Score 9.3 | EPSS 0.714
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
CVSS 8.7 | AI Score 8.1 | EPSS 0.024
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
CVSS 7.5 | AI Score 7.4 | EPSS 0.013
Debian DSA-4397-1 : ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of...
CVSS 6.5 | AI Score 6 | EPSS 0.007
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...
CVSS 6.5 | AI Score 8 | EPSS 0.001