Microsoft Paint 3D Multiple Vulnerabilities (June 2021)
The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...
CVSS 7.8, AI Score 8.4, EPSS 0.053
CVSS 7.8, AI Score 7.5, EPSS 0.003
GLSA-201903-01 : Keepalived: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-01 (Keepalived: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially...
CVSS 9.8, AI Score 7.4, EPSS 0.013
OpenTelemetry Collector < 0.102.1 DoS
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue.....
CVSS 8.2, AI Score 7.7, EPSS 0.001
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the July 2016 CPU...
CVSS 7.5, AI Score 7.4, EPSS 0.005
SolarWinds Serv-U 15.4.2 < 15.4.3
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4.2 HF2. It is, therefore, affected by a vulnerability as referenced in the solarwinds_serv-u_15_4_2_hf_2 advisory. SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to...
CVSS 8.6, AI Score 7.9, EPSS 0.343
Wireshark 2.2.x < 2.2.17 / 2.4.x < 2.4.9 / 2.6.x < 2.6.3 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is 2.2.x prior to 2.2.17 / 2.4.x prior to 2.4.9 / 2.6.x prior to 2.6.3. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: Bluetooth Attribute Protocol Radiotap ...
CVSS 7.5, AI Score 7.9, EPSS 0.004
Debian DSA-4389-1 : libu2f-host - security update
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM.....
CVSS 6.8, AI Score 7.3, EPSS 0.002
Debian DSA-4406-1 : waagent - security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...
CVSS 6.5, AI Score 6.5, EPSS 0.003
Debian DLA-1651-1 : libgd2 security update
Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....
CVSS 9.8, AI Score 9.3, EPSS 0.714
CVSS 6.5, AI Score 7, EPSS 0.004
Debian DSA-4397-1 : ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of...
CVSS 6.5, AI Score 6, EPSS 0.007
CVSS 7.8, AI Score 7.5, EPSS 0.001
Debian DLA-1675-1 : python-gnupg security update
Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....
CVSS 7.5, AI Score 7.4, EPSS 0.013
CVSS 9.8, AI Score 9.1, EPSS 0.004
CVSS 7.8, AI Score 8, EPSS 0.002
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...
CVSS 6.5, AI Score 8, EPSS 0.001
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
CVSS 8.8, AI Score 6.6, EPSS 0.001
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
CVSS 5.3, AI Score 5.4, EPSS 0.0004
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...
CVSS 7.8, AI Score 8.3, EPSS 0.01
VMware Fusion 12.0.x < 12.2.1 Multiple Vulnerabilities (VMSA-2022-0004)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
CVSS 7.8, AI Score 7, EPSS 0.001
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6549-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-4 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...
CVSS 8.8, AI Score 8.5, EPSS 0.024
Debian DLA-1670-1 : ghostscript security update
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For Debian 8 'Jessie', this problem has...
CVSS 7.8, AI Score 8, EPSS 0.017
CVSS 9.8, AI Score 7.9, EPSS 0.016
CVSS 6.5, AI Score 7, EPSS 0.005
CVSS 4.7, AI Score 5.3, EPSS 0.0004
CVSS 8.8, AI Score 8.8, EPSS 0.011
KB5012589: Windows Azure Stack HCI Security Update (April 2022)
The remote Windows host is missing security update 5012589. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...
AI Score 7.6
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
CVSS 8.7, AI Score 8.1, EPSS 0.024
Debian DSA-4407-1 : xmltooling - security update
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...
CVSS 7.5, AI Score 7.4, EPSS 0.026
CVSS 7.8, AI Score 7.5, EPSS 0.002
Debian DSA-4385-1 : dovecot - security update
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else.....
CVSS 7.7, AI Score 6.2, EPSS 0.002
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : MariaDB vulnerability (USN-6839-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6839-1 advisory. A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been...
CVSS 4.9, AI Score 7, EPSS 0.0005
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
AI Score 8, EPSS 0.0004
Debian DSA-4388-1 : mosquitto - security update
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional...
CVSS 6.5, AI Score 7.8, EPSS 0.002
CVSS 7.5, AI Score 6.9, EPSS 0.006
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...
CVSS 9.8, AI Score 8, EPSS 0.002
Ubuntu 22.04 LTS / 23.04 / 23.10 : Ghostscript vulnerability (USN-6551-1)
The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6551-1 advisory. An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 that allows remote attackers to...
CVSS 7.5, AI Score 7.5, EPSS 0.001
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...
CVSS 7.5, AI Score 7, EPSS 0.0004
Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has...
CVSS 8.8, AI Score 8.3, EPSS 0.001
Debian DSA-4401-1 : wordpress - security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by...
CVSS 9.8, AI Score 7.1, EPSS 0.956
GLSA-201903-08 : GNU Wget: Password and metadata leak
The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak) A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c. Impact : A local attacker could obtain sensitive information to include credentials. Workaround :...
CVSS 7.8, AI Score 8.4, EPSS 0.0004
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
CVSS 4.3, AI Score 6.9, EPSS 0.0004
Debian DLA-1633-1 : sqlite3 security update
Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of.....
CVSS 9.8, AI Score 10, EPSS 0.023
Debian DSA-4413-1 : ntfs-3g - security update
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege...
CVSS 7, AI Score 7.2, EPSS 0.0004
Slackware 14.2 / current : mozilla-firefox (SSA:2019-081-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security...
CVSS 8.8, AI Score 9.2, EPSS 0.952
ghostscript-CVE-2023-43115 A small write-up with examples to...
CVSS 8.8, AI Score 6.5, EPSS 0.002
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : PHP vulnerability (USN-6841-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6841-1 advisory. It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as...
CVSS 5.3, AI Score 5.7, EPSS 0.001
Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-6548-4)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6548-4 advisory. A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne....
CVSS 8.8, AI Score 8.4, EPSS 0.024
Debian DLA-1652-1 : libvncserver security update
A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC server/client functionalities. In addition, some of the vulnerabilities addressed in DLA 1617-1 were found to have incomplete fixes, and have been addressed in this update. CVE-2018-15126 An attacker can cause....
CVSS 9.8, AI Score 10, EPSS 0.76