CVE-2024-50390 |
Description: A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
CVSS: HIGH (7.7) EPSS Score: 1.25%
March 7th, 2025 (4 months ago)
|
CVE-2024-50066 |
Description: In the Linux kernel, the following vulnerability has been resolved:
mm/mremap: fix move_normal_pmd/retract_page_tables race
In mremap(), move_page_tables() looks at the type of the PMD entry and the
specified address range to figure out by which method the next chunk of
page table entries should be moved.
At that point, the mmap_lock is held in write mode, but no rmap locks are
held yet. For PMD entries that point to page tables and are fully covered
by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called,
which first takes rmap locks, then does move_normal_pmd().
move_normal_pmd() takes the necessary page table locks at source and
destination, then moves an entire page table from the source to the
destination.
The problem is: The rmap locks, which protect against concurrent page
table removal by retract_page_tables() in the THP code, are only taken
after the PMD entry has been read and it has been decided how to move it.
So we can race as follows (with two processes that have mappings of the
same tmpfs file that is stored on a tmpfs mount with huge=advise); note
that process A accesses page tables through the MM while process B does it
through the file rmap:
process A                      process B
=========                      =========
mremap
  mremap_to
    move_vma
      move_page_tables
        get_old_pmd
        alloc_new_pmd
                      *** PREEMPT ***
                               madvise(MADV_COLLAPSE)
...
CVSS: HIGH (7.0) EPSS Score: 0.03% SSVC Exploitation: poc
March 7th, 2025 (4 months ago)
|
CVE-2025-27597 |
Description: Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.
CVSS: HIGH (8.9) EPSS Score: 0.09%
March 7th, 2025 (4 months ago)
|
CVE-2025-27152 |
Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
CVSS: HIGH (7.7) EPSS Score: 0.05%
March 7th, 2025 (4 months ago)
|
CVE-2025-1887 |
Description: SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 7th, 2025 (4 months ago)
|
CVE-2025-1886 |
Description: Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 7th, 2025 (4 months ago)
|
CVE-2024-42104 |
Description:
Nessus Plugin ID 232280 with High Severity
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries (CVE-2024-42104) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232280
CVSS: HIGH (7.8) EPSS Score: 0.04%
March 7th, 2025 (4 months ago)
|
CVE-2024-42284 |
Description:
Nessus Plugin ID 232281 with High Severity
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232281
CVSS: HIGH (7.8) EPSS Score: 0.03%
March 7th, 2025 (4 months ago)
|
CVE-2021-46828 |
Description:
Nessus Plugin ID 232282 with High Severity
Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-890 advisory. In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. (CVE-2021-46828) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update libtirpc --releasever 2023.6.20250303' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232282
CVSS: HIGH (7.5)
March 7th, 2025 (4 months ago)
|
CVE-2022-42004 |
Description:
Nessus Plugin ID 232283 with High Severity
Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update aws-kinesis-agent --releasever 2023.6.20250303' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232283
CVSS: HIGH (7.5)
March 7th, 2025 (4 months ago)
|