CVE-2024-50293 |
Description:
Nessus Plugin ID 230865 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 (socket: Print pf->create() when it does not clear sock->sk on failure.), syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0 WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 Modules linked in: CPU: 0 UID: 0 PID: 5827 Comm: syz- executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000ffffffe9 R08: f...
CVSS: HIGH (7.8) EPSS Score: 0.03%
March 6th, 2025 (4 months ago)
|
CVE-2024-8383 |
Description:
Nessus Plugin ID 230872 with High Severity
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.
Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. (CVE-2024-8383)Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.
Read more at https://www.tenable.com/plugins/nessus/230872
CVSS: HIGH (7.5)
March 6th, 2025 (4 months ago)
|
CVE-2025-20931 |
Description: Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
CVSS: HIGH (7.3) EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2025-20929 |
Description: Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
CVSS: HIGH (7.3) EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2025-20903 |
Description: Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
CVSS: HIGH (7.3) EPSS Score: 0.01%
March 6th, 2025 (4 months ago)
|
CVE-2025-27508 |
Description: Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP). These algorithms, while possibly valid for certain non-security-critical tasks, can expose users to security risks if used in scenarios where strong cryptographic guarantees are required. This issue is fixed in 8.24.0.
CVSS: HIGH (7.5) EPSS Score: 0.02%
March 5th, 2025 (4 months ago)
|
CVE-2025-27513 |
Description: OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.
CVSS: HIGH (7.5) EPSS Score: 0.06% SSVC Exploitation: none
March 5th, 2025 (4 months ago)
|
CVE-2025-27497 |
Description: Summary
A denial-of-service (DoS) vulnerability in OpenDJ has been discovered that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearch request is executed with alias dereferencing set to "always" on this alias entry, the server stops responding to all future requests.
I have confirmed this issue using the latest OpenDJ version (9.2), both with the official OpenDJ Docker image and a local OpenDJ server running on my Windows 10 machine.
Details
An unauthenticated attacker can exploit this vulnerability using a single crafted ldapsearch request. Fortunately, the server can be restarted without data corruption. While this attack requires the existence of an alias loop, I am uncertain whether such loops can be easily created in specific environments or if the method can be adapted to execute other DoS attacks more easily.
PoC (Steps to Reproduce)
Set up an OpenDJ server instance as usual, using the base DN dc=example,dc=com
Import the attached example_data_alias_dos.ldif file into the LDAP database
Ensure that the ldap3 Python library is installed (pip install ldap3)
Run the attached Python script python opendj_alias_dos.py, which searches for alias loops and executes the DoS attack
After executing the script, the server will stop responding to requests until it is restarted
Impact
This vulnerability directly affects server availability for everyone usi...
CVSS: HIGH (8.7) EPSS Score: 0.05%
March 5th, 2025 (4 months ago)
|
CVE-2025-20206 |
Description: A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client.
This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
CVSS: HIGH (7.1) EPSS Score: 0.01% SSVC Exploitation: none
March 5th, 2025 (4 months ago)
|
CVE-2025-27497 |
Description: OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service (DoS) vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearch request is executed with alias dereferencing set to "always" on this alias entry, the server stops responding to all future requests. Fortunately, the server can be restarted without data corruption. This vulnerability is fixed in 4.9.3.
CVSS: HIGH (8.7) EPSS Score: 0.05%
March 5th, 2025 (4 months ago)
|