Debian DLA-1700-1 : uw-imap security update
A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with...
7.5CVSS
8.2AI Score
0.969EPSS
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5560-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5560-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...
7.8CVSS
8.6AI Score
0.01EPSS
GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201903-02 (Zsh: User-assisted execution of arbitrary code) Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the...
9.8CVSS
8.3AI Score
0.007EPSS
GLSA-201903-06 : rdesktop: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-06 (rdesktop: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in rdesktop. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of...
9.8CVSS
9.8AI Score
0.141EPSS
Debian DSA-463-1 : samba - privilege escalation
Samba, a LanManager-like file and printer server for Unix, was found to contain a vulnerability whereby a local user could use the 'smbmnt' utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could.....
6.8AI Score
0.0004EPSS
Debian DLA-1691-1 : exiv2 security update
Several issues have been found in exiv2, a EXIF/IPTC/XMP metadata manipulation tool. CVE-2018-17581 A stack overflow due to a recursive function call causing excessive stack consumption which leads to denial of service. CVE-2018-19107 A heap based buffer over-read caused by an integer overflow...
6.5CVSS
7.6AI Score
0.009EPSS
GitLab 9.2 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1493)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing...
6.5CVSS
6.6AI Score
0.0004EPSS
GitLab 16.1 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4011)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows...
4.3CVSS
4.1AI Score
0.0004EPSS
GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4901)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS ...
8.7CVSS
8.2AI Score
0.0004EPSS
Fedora 29 : mingw-nettle (2019-31015766d1)
Resolves CVE-2018-16869 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
5.7CVSS
5.6AI Score
0.001EPSS
Fedora 29 : gnutls (2019-99eefddc65)
Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
5.6CVSS
5.4AI Score
0.0005EPSS
Fedora 29 : wget (2019-088875c43a)
Update to upstream release 1.20.1 to fix CVE-2018-20483. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
7.8CVSS
9AI Score
0.0004EPSS
SCAP Windows Compliance Checks
Using the supplied credentials, this script performs a compliance check against the policy specified by SCAP...
1.6AI Score
GLSA-201903-04 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-04 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice...
10CVSS
9.3AI Score
0.375EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8CVSS
8.5AI Score
0.0005EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6779-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6779-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially...
8.9AI Score
0.0004EPSS
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : ImageMagick vulnerability (USN-6621-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6621-1 advisory. A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341) Note that Nessus has not tested for this...
6.2CVSS
6.2AI Score
0.0004EPSS
GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...
5.5CVSS
5.4AI Score
0.0004EPSS
Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL RTSE ISAKMP ENIP An attacker could cause Wireshark to crash by injecting a...
5.5CVSS
6.1AI Score
0.004EPSS
VMware vCenter Server 7.0 < 7.0U3r / 8.0 < 8.0U2d Multiple Vulnerabilities (VMSA-2024-0012)
The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3r, or 8.0 prior to 8.0U2d. It is, therefore, affected by a partial information disclosure vulnerability as referenced in the VMSA-2024-0012 advisory: The vCenter Server contains multiple heap-overflow...
9.8CVSS
6.9AI Score
0.0004EPSS
openSUSE Security Update : python-python-gnupg (openSUSE-2019-143)
This update for python-python-gnupg to version 0.4.4 fixes the following issues : Security issue fixed : CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases ...
7.5CVSS
7.5AI Score
0.013EPSS
Fedora 28 : python3 (2019-6fafd84f5d)
Security fix for CVE-2019-5010 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
7.5CVSS
8.1AI Score
0.018EPSS
Fedora 29 : golang (2019-dbd82d0882)
Security fix for CVE-2019-6486 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
8.2CVSS
8.2AI Score
0.038EPSS
Using the supplied credentials, this script performs a compliance check against the policy specified by SCAP...
1AI Score
Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95975)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95975 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...
6.5AI Score
0.0004EPSS
Fedora 29 : mod_perl (2018-f6a5b71464)
This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code execution in the context of the httpd server) by disabling sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
9.8CVSS
9.7AI Score
0.008EPSS
Fedora 28 : ruby (2018-dd8162c004)
Rebase to Ruby 2.5.1. Several CVE fixes. Conflict requirement needs to generate dependency. Stop using --with-setjmp-type=setjmp on aarch64. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
9.1CVSS
7.2AI Score
0.007EPSS
5.5CVSS
6.5AI Score
0.009EPSS
5.6CVSS
7.3AI Score
0.976EPSS
6.5CVSS
6.8AI Score
0.004EPSS
The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The...
10CVSS
8.3AI Score
0.0004EPSS
Fedora 29 : curl (2019-427a0ba9e3)
xattr: strip credentials from any URL that is stored (CVE-2018-20483) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
7.8CVSS
8.8AI Score
0.0004EPSS
Fedora 29 : poppler (2019-7ff7f5093e)
Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and CVE-2018-18897. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
6.5CVSS
7.1AI Score
0.011EPSS
Fedora 29 : libjpeg-turbo (2019-ae92ca8981)
Fix for CVE-2018-20330 and CVE-2018-19664 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
8.8CVSS
7.6AI Score
0.003EPSS
Fedora 28 : python-django (2019-e6ca5847c7)
fix CVE-2019-3498 python-django: Content spoofing via URL path in Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
6.5CVSS
6.6AI Score
0.006EPSS
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....
7.1AI Score
EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : GIFLIB vulnerabilities (USN-6824-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6824-1 advisory. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this ...
8.8CVSS
7.8AI Score
0.004EPSS
Fedora 29 : matrix-synapse (2019-4d914f9257)
Fix for CVE-2019-5885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
7.5CVSS
7.6AI Score
0.006EPSS
Fedora 28 : openssh (2019-9eb0ae6296)
This update fixes CVE-2018-20685 (the first 'variant'). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
5.3CVSS
6.7AI Score
0.005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6782-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6782-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
9AI Score
0.0004EPSS
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...
5.3CVSS
5.3AI Score
0.0004EPSS
Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)
A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...
9.8CVSS
7.4AI Score
0.003EPSS
Fedora 28 : krb5 (2019-ac7e19b0c8)
Improve memset hygiene in one location. Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) Note that Tenable Network Security has extracted the...
5.3CVSS
5.7AI Score
0.003EPSS
KB5001028: Windows 10 version 1909 OOB Security Update (Feb 2021)
The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.5AI Score
Johnson Controls exacqVision Web Service Detection
The Johnson Controls exacqVision Web Service, a web application allowing users to use a web browser to view live video, search and play back recorded video, and control pan/tilt/zoom functions on cameras connected to exacqVision servers, is running on the remote...
2.8AI Score
Fedora 29 : pdns-recursor (2018-e14840a7f5)
Fixes CVE-2018-16855 (Crafted query can cause a denial of service) New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website....
7.5CVSS
6.6AI Score
0.605EPSS
Fedora 29 : 2:samba (2018-e423e8743f)
Update to Samba 4.9.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
6.5CVSS
6.5AI Score
0.042EPSS
Fedora 28 : libtiff (2018-d41d114d3e)
Added fixes for : CVE-2017-9935 CVE-2017-18013 CVE-2018-8905 CVE-2018-10963 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
8.8CVSS
8.1AI Score
0.007EPSS