ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...
7 AI Score
0.0004 EPSS
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is...
6.8 AI Score
0.0004 EPSS
Debian DLA-1664-1 : golang security update
It was discovered that there was a denial of service vulnerability or possibly even the ability to conduct private key recovery attacks within the elliptic curve cryptography handling in the Go programming language libraries. For Debian 8 'Jessie', this issue has been fixed in golang version...
8.2 CVSS
8.3 AI Score
0.038 EPSS
Operating System (OS) Detection (NTP)
Network Time Protocol (NTP) server based Operating System (OS) ...
7.3 AI Score
Unix Operating System Unsupported Version Detection
According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
7.6 AI Score
Debian DLA-1749-1 : golang security update
It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For Debian 8 'Jessie', this issue has been fixed in golang version 2:1.3.3-1+deb8u2. We...
6.1 CVSS
6.9 AI Score
0.005 EPSS
tnftpd 'ftp://' CSRF Vulnerability
tnftpd server is prone to a cross-site request forgery (CSRF)...
6.8 AI Score
0.002 EPSS
Unix Software Discovery Command Checks
Nessus plugins run OS commands locally on the target host to discover and characterize software that is not managed by the target operating system. This plugin runs those commands over SSH to determine whether there is any problem that might prevent the successful discovery of unmanaged software...
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd...
7.5 CVSS
6.8 AI Score
0.002 EPSS
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is...
6.4 AI Score
0.0004 EPSS
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...
6.6 AI Score
0.0004 EPSS
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment...
5.9 AI Score
0.0005 EPSS
whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...
7.7 AI Score
Stack buffer overflow with whoami on several Unix platforms
With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...
7.7 AI Score
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by multiple vulnerabilities: scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are...
8.1 CVSS
7.3 AI Score
0.946 EPSS
whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username whoami::realname whoami::username_os whoami::realname_os With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...
7.7 AI Score
Operating System (OS) Detection (HTTP)
HTTP based OS detection from the HTTP/PHP banner or default test ...
7.4 AI Score
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows...
7.2 AI Score
0.027 EPSS
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android,...
7.7 AI Score
0.967 EPSS
PlayStation: Remote vulnerabilities in spp
Summary A malicious PPPoE server can cause denial-of-service or potentially remote code execution in kernel context on the PS4/PS5. Heap buffer overwrite and overread in sppp_lcp_RCR and sppp_ipcp_RCR For some reason, the PS4/PS5 is vulnerable to CVE-2006-4304. By having invalid options, it is...
7.8 AI Score
0.066 EPSS
EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)
According to the versions of the libXfont package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)...
5.5 CVSS
7.7 AI Score
0.103 EPSS
According to its banner, the version of OpenSSH running on the remote host is prior to version 5.9. Such versions are affected by multiple denial of service vulnerabilities : A denial of service vulnerability exists in the gss-serv.c 'ssh_gssapi_parse_ename' function. A remote attacker...
6 AI Score
0.011 EPSS
This plugin processes and reports on system information about the remote host detected by other plugins. This information is used by Tenable products for informational and tracking purposes. The main asset attributes processed in this plugin include: - OS - DNS Names - IP Address - MAC...
7.1 AI Score
Determine OS and list of installed packages via SSH login
This script will, if given a userid/password or key to the remote system, login to that system, determine the OS it is running, and for supported systems, extract the list of installed...
7.3 AI Score
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that is vulnerable to Spectre v2 branch history injection (BHI) is likely affected. An unauthenticated...
6.5 CVSS
6.8 AI Score
RHEL 5 : kernel (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...
8.8 AI Score
IKEv1 Main Mode vulnerable to brute force attacks
Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known that the aggressive mode of IKEv1 PSK is...
5.9 CVSS
5.8 AI Score
0.003 EPSS
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog...
5.5 CVSS
6.6 AI Score
0.0004 EPSS
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two...
6.8 AI Score
0.965 EPSS
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two...
7.4 AI Score
0.965 EPSS
SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)
This update for python-cffi, python-cryptography and python-xattr fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed : python-cffi was updated to 1.11.2 (bsc#1138748,...
7.5 CVSS
7.8 AI Score
0.002 EPSS
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....
7.5 CVSS
7.7 AI Score
0.005 EPSS
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7 AI Score
OS Identification : Unix uname
This script attempts to identify the Operating System type and version by looking at the data returned by 'uname...
7.2 AI Score
Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory...
5.9 CVSS
6.7 AI Score
0.97 EPSS
The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting...
9.8 CVSS
9.7 AI Score
0.961 EPSS