diff --git a/plugins/system/debsecan b/plugins/system/debsecan
index 5f63e679..e52ac2f1 100755
--- a/plugins/system/debsecan
+++ b/plugins/system/debsecan
@@ -13,6 +13,8 @@ system (using debsecan). Might work on other distib, who knows...
     env.suite jessie
     env.fixed_warn 1
     env.fixed_critical 1000
+    env.remote_warn 1
+    env.remote_critical 10
 
 =head1 AUTHORS
 
@@ -35,26 +37,28 @@ if [ "$1" = "autoconf" ] ; then
   if [ -x /usr/bin/debsecan ]; then
     echo yes
   else
-    echo no
+    echo 'no (/usr/bin/debsecan not found)'
   fi
   exit 0
 fi
 
 # Fail if we don't have debsecan
 if [ ! -x /usr/bin/debsecan ]; then
+  echo 'error: /usr/bin/debsecan not found' >&2
   exit 1
 fi
 
 # Determine suite from filename...
-SUITE=`echo $0 | sed 's/.*_//'`
-if [ ${SUITE} = ${0} ]; then
+SUITE=$(echo "$0" | sed 's/.*_//')
+if [ "${SUITE}" = "${0}" ]; then
 	# ...or fall back onto configuration in environment
 	SUITE=${suite:-sid}
 fi
 FIXEDWARN=${fixed_warning:-1}
 FIXEDCRIT=${fixed_critical:-1000}
+REMOTEWARN=${remote_warning:-1}
+REMOTECRIT=${remote_critical:-10}
 
-CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)"
 if [ "$1" = "config" ] ; then
   cat <<EOF_
 graph_title DebSecan : vulnerabilities for ${SUITE}
@@ -63,14 +67,22 @@ graph_vlabel number of CVE
 graph_category system
 graph_period second
 graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details.
+remote.label remote
+remote.colour FF0000
+remote.type GAUGE
+remote.draw AREASTACK
+remote.min 0
+remote.info The number of remotely exploitable CVEs with any priority
+remote.warning ${REMOTEWARN}
+remote.critical ${REMOTECRIT}
 high.label high
-high.colour FF0000
+high.colour DD2200
 high.type GAUGE
 high.draw AREASTACK
 high.min 0
 high.info The number of CVEs marked high priority
 medium.label medium
-medium.colour FFA500
+medium.colour FFAA00
 medium.type GAUGE
 medium.draw AREASTACK
 medium.min 0
@@ -82,7 +94,7 @@ low.draw AREASTACK
 low.min 0
 low.info The number of CVEs marked low priority
 other.label other
-other.colour 00A5FF
+other.colour 00AAFF
 other.type GAUGE
 other.draw AREASTACK
 other.min 0
@@ -98,37 +110,38 @@ EOF_
   exit 0
 fi
 
+ALL=$(debsecan --suite "${SUITE}" 2> /dev/null)
+REMOTE=$(echo "$ALL" | grep 'remotely')
+NONREMOTE=$(echo "$ALL" | grep -v 'remotely')
+
+HIGH=$(echo "${NONREMOTE}" | grep 'high urgency')
+MEDIUM=$(echo "${NONREMOTE}" | grep 'medium urgency')
+LOW=$(echo "${NONREMOTE}" | grep 'low urgency')
+OTHER=$(echo "${NONREMOTE}" | grep -v 'urgency')
+FIXED=$(echo "${ALL}" | grep '(fixed')
+
+remote_count=$(echo "${REMOTE}" | wc -l)
+high_count=$(echo "${HIGH}" | wc -l)
+medium_count=$(echo "${MEDIUM}" | wc -l)
+low_count=$(echo "${LOW}" | wc -l)
+other_count=$(echo "${OTHER}" | wc -l)
+fixed_count=$(echo "${FIXED}" | wc -l)
+
 CVECOUNTRE="s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/"
 
-OUT=`mktemp -t debsecan.XXXXXX`
-HIGH=`mktemp -t debsecan.XXXXXX`
-MEDIUM=`mktemp -t debsecan.XXXXXX`
-LOW=`mktemp -t debsecan.XXXXXX`
-OTHER=`mktemp -t debsecan.XXXXXX`
-FIXED=`mktemp -t debsecan.XXXXXX`
-debsecan --suite ${SUITE} 2> /dev/null > ${OUT}
-grep 'high urgency' ${OUT} > ${HIGH}
-grep 'medium urgency' ${OUT} > ${MEDIUM}
-grep 'low urgency)' ${OUT} > ${LOW}
-grep '(fixed' ${OUT} > ${FIXED}
-
-high=`cat ${HIGH} | wc -l`
-medium=`cat ${MEDIUM} | wc -l`
-low=`cat ${LOW} | wc -l`
-other=`cat ${OTHER} | wc -l`
-fixed=`cat ${FIXED} | wc -l`
-
+# shellcheck disable=SC2005 disable=SC2046
+# The nested $(echo ...)s are needed to yet the newlines
 cat <<EOF
-high.value $high
-high.extinfo `echo $(cut -f 2 -d" " ${HIGH} | uniq -c | sort -nr | sed  "${CVECOUNTRE}")`
-medium.value $medium
-medium.extinfo `echo $(cut -f 2 -d" " ${MEDIUM} | uniq -c | sort -nr | sed  "${CVECOUNTRE}")`
-low.value $low
-low.extinfo `echo $(cut -f 2 -d" " ${LOW} | uniq -c | sort -nr | sed  "${CVECOUNTRE}")`
-other.value $other
-other.extinfo `echo $(cut -f 2 -d" " ${OTHER} | uniq -c | sort -nr | sed  "${CVECOUNTRE}")`
-fixed.value $fixed
-fixed.extinfo `echo $(cut -f 2 -d" " ${FIXED} | uniq -c | sort -nr | sed  "${CVECOUNTRE}")`
+remote.value $remote_count
+remote.extinfo $(echo $(echo "${REMOTE}" | cut -f 2 -d " "| uniq -c | sort -nr | sed "${CVECOUNTRE}"))
+high.value $high_count
+high.extinfo $(echo $(echo "${HIGH}" | cut -f 2 -d " " | uniq -c | sort -nr | sed "${CVECOUNTRE}"))
+medium.value $medium_count
+medium.extinfo $(echo $(echo "${MEDIUM}" | cut -f 2 -d " " | uniq -c | sort -nr | sed "${CVECOUNTRE}"))
+low.value $low_count
+low.extinfo $(echo $(echo "${LOW}" | cut -f 2 -d " " | uniq -c | sort -nr | sed "${CVECOUNTRE}"))
+other.value $other_count
+other.extinfo $(echo $(echo "${OTHER}" | cut -f 2 -d " " | uniq -c | sort -nr | sed "${CVECOUNTRE}"))
+fixed.value $fixed_count
+fixed.extinfo $(echo $(echo "${FIXED}" | cut -f 2 -d " " | uniq -c | sort -nr | sed "${CVECOUNTRE}"))
 EOF
-
-rm -f ${OUT} ${HIGH} ${MEDIUM} ${LOW} ${FIXED} ${OTHER}