CVE-2024-46901 |
Description:
Nessus Plugin ID 234250 with Low Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of subversion installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46901 advisory.
- Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. (CVE-2024-46901)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234250
CVSS: LOW (3.1)
April 14th, 2025 (about 2 months ago)
|
CVE-2025-1795 |
Description:
Nessus Plugin ID 234295 with Low Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1795 advisory.
- During an address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted by some mail servers. (CVE-2025-1795)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234295
CVSS: LOW (2.3)
April 14th, 2025 (about 2 months ago)
|
CVE-2024-2313 |
Description:
Nessus Plugin ID 234296 with Low Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of bpftrace installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2313 advisory.
- If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2313)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234296
CVSS: LOW (2.8)
April 14th, 2025 (about 2 months ago)
|
CVE-2025-24912 |
Description:
Nessus Plugin ID 234297 with Low Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of wpa_supplicant installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24912 advisory.
- hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234297
CVSS: LOW (3.7)
April 14th, 2025 (about 2 months ago)
|
CVE-2024-2313 |
Description:
Nessus Plugin ID 234299 with Low Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of bpftrace installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2313 advisory.
- If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2313)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234299
CVSS: LOW (2.8)
April 14th, 2025 (about 2 months ago)
|
CVE-2024-46901 |
Description:
Nessus Plugin ID 234318 with Low Severity
Synopsis
The remote Debian host is missing a security-related update.
Description
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4127 advisory.
Debian LTS Advisory DLA-4127-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 13, 2025 https://wiki.debian.org/LTS
Package: subversion
Version: 1.14.1-3+deb11u2
CVE ID: CVE-2024-46901
Denial-of-service via control characters in paths has been fixed in the mod_dav_svn module of the version control system Subversion. For Debian 11 bullseye, this problem has been fixed in version 1.14.1-3+deb11u2. We recommend that you upgrade your subversion packages. For the detailed security status of subversion please refer to its security tracker page at: https://security-tracker.debian.org/tracker/subversion Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security ...
CVSS: LOW (3.1)
April 14th, 2025 (about 2 months ago)
|
CVE-2024-47814 |
Description: Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window), a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However, this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (3.9) EPSS Score: 0.01% SSVC Exploitation: none
April 11th, 2025 (about 2 months ago)
|
CVE-2025-31362 |
Description: A use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides workaround information and recommends applying it to the deployment environment.
CVSS: LOW (3.7) EPSS Score: 0.03%
April 11th, 2025 (about 2 months ago)
|
CVE-2025-32816 |
Description: CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.
CVSS: LOW (3.1) EPSS Score: 0.03%
April 11th, 2025 (about 2 months ago)
|
CVE-2024-2773 |
Description: A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607. A vulnerability was discovered in Campcodes Online Marriage Registration System 1.0. It was classified as problematic. It concerns a not clearly defined function of the file /user/search.php. By manipulating the argument searchdata with unknown data, a cross site scripting vulnerability can be exploited. The attack can take place over the network. The exploit is publicly available.
CVSS: LOW (3.5) EPSS Score: 0.17% SSVC Exploitation: poc
April 10th, 2025 (about 2 months ago)
|