CyberAlerts

CVE-2024-50390

QHora

Description: A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later

CVSS: HIGH (7.7)

EPSS Score: 1.25%

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2024-50066

mm/mremap: fix move_normal_pmd/retract_page_tables race

Description: In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called, which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source and destination, then moves an entire page table from the source to the destination. The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of the same tmpfs file that is stored on a tmpfs mount with huge=advise); note that process A accesses page tables through the MM while process B does it through the file rmap: process A process B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) ...

CVSS: HIGH (7.0)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2025-27597

Vue I18n Prototype Pollution in `handleFlatJson`

Description: Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.

CVSS: HIGH (8.9)

EPSS Score: 0.09%

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2025-27152

Possible SSRF and Credential Leakage via Absolute URL in axios Requests

Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2025-1887

SMB forced authentication vulnerability in Sage 200 Spain

Description: SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2025-1886

Pass-Back vulnerability in Sage 200 Spain

Description: Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE

March 7th, 2025 (4 months ago)

CVE-2024-42104

Amazon Linux AMI : kernel (ALAS-2025-1963)

Description: Nessus Plugin ID 232280 with High Severity Synopsis The remote Amazon Linux AMI host is missing a security update. Description The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries (CVE-2024-42104)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232280

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: Tenable Plugins

March 7th, 2025 (4 months ago)

CVE-2024-42284

Amazon Linux AMI : kernel (ALAS-2025-1962)

Description: Nessus Plugin ID 232281 with High Severity Synopsis The remote Amazon Linux AMI host is missing a security update. Description The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232281

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: Tenable Plugins

March 7th, 2025 (4 months ago)

CVE-2021-46828

Amazon Linux 2023 : libtirpc, libtirpc-devel (ALAS2023-2025-890)

Description: Nessus Plugin ID 232282 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-890 advisory. In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. (CVE-2021-46828)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update libtirpc --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232282

CVSS: HIGH (7.5)

Source: Tenable Plugins

March 7th, 2025 (4 months ago)

CVE-2022-42004

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-889)

Description: Nessus Plugin ID 232283 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update aws-kinesis-agent --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232283

CVSS: HIGH (7.5)

Source: Tenable Plugins

March 7th, 2025 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-50390	QHora Description: A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later CVSS: HIGH (7.7) EPSS Score: 1.25% Source: CVE March 7th, 2025 (4 months ago)
CVE-2024-50066	mm/mremap: fix move_normal_pmd/retract_page_tables race Description: In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called, which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source and destination, then moves an entire page table from the source to the destination. The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of the same tmpfs file that is stored on a tmpfs mount with huge=advise); note that process A accesses page tables through the MM while process B does it through the file rmap: process A process B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd * PREEMPT * madvise(MADV_COLLAPSE) ... CVSS: HIGH (7.0) EPSS Score: 0.03% SSVC Exploitation: poc Source: CVE March 7th, 2025 (4 months ago)
CVE-2025-27597	Vue I18n Prototype Pollution in `handleFlatJson` Description: Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. CVSS: HIGH (8.9) EPSS Score: 0.09% Source: CVE March 7th, 2025 (4 months ago)
CVE-2025-27152	Possible SSRF and Credential Leakage via Absolute URL in axios Requests Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. CVSS: HIGH (7.7) EPSS Score: 0.05% Source: CVE March 7th, 2025 (4 months ago)
CVE-2025-1887	SMB forced authentication vulnerability in Sage 200 Spain Description: SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE March 7th, 2025 (4 months ago)
CVE-2025-1886	Pass-Back vulnerability in Sage 200 Spain Description: Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. CVSS: HIGH (7.1) EPSS Score: 0.03% Source: CVE March 7th, 2025 (4 months ago)
CVE-2024-42104	Amazon Linux AMI : kernel (ALAS-2025-1963) Description: Nessus Plugin ID 232280 with High Severity Synopsis The remote Amazon Linux AMI host is missing a security update. Description The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries (CVE-2024-42104)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232280 CVSS: HIGH (7.8) EPSS Score: 0.04% Source: Tenable Plugins March 7th, 2025 (4 months ago)
CVE-2024-42284	Amazon Linux AMI : kernel (ALAS-2025-1962) Description: Nessus Plugin ID 232281 with High Severity Synopsis The remote Amazon Linux AMI host is missing a security update. Description The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232281 CVSS: HIGH (7.8) EPSS Score: 0.03% Source: Tenable Plugins March 7th, 2025 (4 months ago)
CVE-2021-46828	Amazon Linux 2023 : libtirpc, libtirpc-devel (ALAS2023-2025-890) Description: Nessus Plugin ID 232282 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-890 advisory. In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. (CVE-2021-46828)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update libtirpc --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232282 CVSS: HIGH (7.5) Source: Tenable Plugins March 7th, 2025 (4 months ago)
CVE-2022-42004	Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-889) Description: Nessus Plugin ID 232283 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update aws-kinesis-agent --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232283 CVSS: HIGH (7.5) Source: Tenable Plugins March 7th, 2025 (4 months ago)