KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...
8.8CVSS
9.4AI Score
0.967EPSS
KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9CVSS
7.3AI Score
0.937EPSS
glpi -- leakage issue with knowledge base
MITRE Corporation reports: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the...
5.3CVSS
2.7AI Score
0.001EPSS
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...
6.1CVSS
6AI Score
0.001EPSS
Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
7.5CVSS
0.2AI Score
0.001EPSS
MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version...
9.3CVSS
3.7AI Score
0.003EPSS
KB5033369: Windows 11 version 21H2 Security Update (December 2023)
The remote Windows host is missing security update 5033369. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...
8.8CVSS
8.1AI Score
0.035EPSS
KB5033427: Windows Server 2008 Security Update (December 2023)
The remote Windows host is missing security update 5033427. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) A division-by-zero error on some AMD processors can potentially return...
8.8CVSS
7.7AI Score
0.033EPSS
KB5030261: Windows Server 2008 R2 Security Update (September 2023)
The remote Windows host is missing security update 5030261. It is, therefore, affected by multiple vulnerabilities Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152) ...
7.8CVSS
7AI Score
0.005EPSS
KB5007207: Windows 10 LTS 1507 Security Update (November 2021)
The Windows installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. An elevation of...
8.8CVSS
8.5AI Score
0.053EPSS
KB5007205: Windows 2022 Security Update (November 2021)
The remote Windows host is missing security update. See Vendor Advisory for...
9CVSS
7.3AI Score
0.904EPSS
KB5006675: WWindows 10 version 1507 LTS Security Update (October 2021)
The remote Windows host is missing security update 5006675. It is, therefore, affected by multiple...
8.8CVSS
7.7AI Score
0.512EPSS
KB5003687: Windows 10 version 1507 LTS Security Update (June 2021)
The remote Windows host is missing security update 5003687. It is, therefore, affected by multiple...
9.4CVSS
8.4AI Score
0.966EPSS
KB5003694: Windows 7 and Windows Server 2008 R2 Security Update (June 2021)
The remote Windows host is missing security update 5003694. It is, therefore, affected by multiple...
9.4CVSS
8.4AI Score
0.966EPSS
KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)
The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple...
9.4CVSS
8.1AI Score
0.966EPSS
The remote Windows host is missing security update 4551762. It is, therefore, affected by a remote code execution vulnerability. The vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the...
10CVSS
9.2AI Score
0.975EPSS
KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update
The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5CVSS
7.8AI Score
0.047EPSS
KB5034134: Windows 10 LTS 1507 Security Update (January 2024)
The remote Windows host is missing security update 5034134. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) Windows Kerberos Security Feature...
8.8CVSS
7.4AI Score
0.004EPSS
KB5033420: Windows Server 2012 R2 Security Update (December 2023)
The remote Windows host is missing security update 5033420. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...
8.8CVSS
7.9AI Score
0.035EPSS
KB5033379: Windows 10 LTS 1507 Security Update (December 2023)
The remote Windows host is missing security update 5033379. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...
8.8CVSS
8AI Score
0.035EPSS
KB5030286: Windows Server 2008 Security Update (September 2023)
The remote Windows host is missing security update 5030286. It is, therefore, affected by multiple vulnerabilities Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152) ...
7.8CVSS
7AI Score
0.005EPSS
KB5003233: Windows 7 and Windows Server 2008 R2 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9CVSS
7.3AI Score
0.937EPSS
KB5003171: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9CVSS
7.3AI Score
0.937EPSS
KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update
The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5CVSS
7.8AI Score
0.047EPSS
glpi -- Any CalDAV calendars is read-only for every authenticated user
MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV...
7.7CVSS
4.5AI Score
0.001EPSS
KB5034176: Windows Server 2008 Security Update (January 2024)
The remote Windows host is missing security update 5034176. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...
8.8CVSS
7.2AI Score
0.003EPSS
KB5033375: Windows 11 version 22H2 Security Update (December 2023)
The remote Windows host is missing security update 5033375. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...
8.8CVSS
8.1AI Score
0.035EPSS
KB5030213: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2023)
The remote Windows host is missing security update 5030213. It is, therefore, affected by multiple vulnerabilities DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162) Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service...
8.8CVSS
7.2AI Score
0.005EPSS
KB5006715: Windows Server 2008 Security Update (October 2021)
The remote Windows host is missing security update 5006715. It is, therefore, affected by multiple...
8.8CVSS
7.7AI Score
0.512EPSS
KB5003635: Windows 10 version 1909 Security Update (June 2021)
The remote Windows host is missing security update 5003635. It is, therefore, affected by multiple...
9.4CVSS
8.1AI Score
0.966EPSS
KB5003210: Windows Server 2008 Security Update (May 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
9.9CVSS
7.3AI Score
0.937EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
8.7AI Score
0.935EPSS
CVE-2024-5142 XSS in Hubshare's social module
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users...
5.7AI Score
0.0004EPSS
KB5034184: Windows Server 2012 Security Update (January 2024)
The remote Windows host is missing security update 5034184. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...
8.8CVSS
7.2AI Score
0.004EPSS
KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
The remote Windows host is missing security update 5033371. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...
8.8CVSS
8AI Score
0.035EPSS
KB5033429: Windows Server 2012 Security Update (December 2023)
The remote Windows host is missing security update 5033429. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...
8.8CVSS
7.9AI Score
0.035EPSS
KB5006728: Windows 7 and Windows Server 2008 R2 Security Update (October 2021)
The remote Windows host is missing security update 5006728. It is, therefore, affected by multiple...
8.8CVSS
7.7AI Score
0.512EPSS
KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)
The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple...
9.4CVSS
8.4AI Score
0.966EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
9.9AI Score
0.935EPSS
CVE-2024-4056 Denial of service condition in M-Files Server
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing...
7.5CVSS
7.7AI Score
0.0004EPSS
RHEL 6 : dhcp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS (CVE-2016-2774) dhcp:...
7.2AI Score
0.922EPSS
KB5034171: Windows Server 2012 R2 Security Update (January 2024)
The remote Windows host is missing security update 5034171. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...
8.8CVSS
7.2AI Score
0.004EPSS
KB5033383: Windows 11 version 22H2 Security Update (December 2023)
The remote Windows host is missing security update 5033383. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...
8.8CVSS
8AI Score
0.035EPSS
KB5030279: Windows Server 2012 Security Update (September 2023)
The remote Windows host is missing security update 5030279. It is, therefore, affected by multiple vulnerabilities DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162) Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service...
7.8CVSS
7AI Score
0.005EPSS
KB5021243: Windows 10 LTS 1507 Security Update (December 2022)
The remote Windows host is missing security update 5021243. It is, therefore, affected by multiple vulnerabilities PowerShell Remote Code Execution Vulnerability (CVE-2022-41076) A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute ...
8.5CVSS
8.3AI Score
0.01EPSS
KB5003681: Windows 8.1 and Windows Server 2012 R2 Security Update (June 2021)
The remote Windows host is missing security update 5003681. It is, therefore, affected by multiple...
9.4CVSS
8.5AI Score
0.966EPSS
KB4586817: Windows Server 2008 November 2020 Security Update
The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more...
9.8CVSS
7.6AI Score
0.365EPSS
KB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update
The remote Windows host is missing security update 4483232. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...
7.5CVSS
7.8AI Score
0.047EPSS
CVE-2023-4479 Stored XSS Vulnerability in M-Files Web
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time...
7.3CVSS
6.8AI Score
0.0004EPSS
KB5035919: Windows Server 2008 R2 Security Update (March 2024)
The remote Windows host is missing security update 5035919. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166) Windows USB...
8.8CVSS
7.9AI Score
0.001EPSS