Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53104 |
Description:
Nessus Plugin ID 216054 with High Severity
Synopsis
The remote Red Hat host is missing one or more security updates for kernel.
Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1268 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) * kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2025:1268.
Read more at https://www.tenable.com/plugins/nessus/216054
CVSS: LOW (0.0)
February 11th, 2025 (2 months ago)
|
|
CVE-2024-53104 |
Description:
Nessus Plugin ID 216056 with High Severity
Synopsis
The remote Red Hat host is missing a security update for kernel.
Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1262 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2025:1262.
Read more at https://www.tenable.com/plugins/nessus/216056
CVSS: LOW (0.0)
February 11th, 2025 (2 months ago)
|
|
CVE-2024-53104 |
Description:
Nessus Plugin ID 216057 with High Severity
Synopsis
The remote Red Hat host is missing a security update for kernel.
Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1270 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2025:1270.
Read more at https://www.tenable.com/plugins/nessus/216057
CVSS: LOW (0.0)
February 11th, 2025 (2 months ago)
|
|
CVE-2024-53104 |
Description:
Nessus Plugin ID 216058 with High Severity
Synopsis
The remote Red Hat host is missing a security update for kernel.
Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1267 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2025:1267.
Read more at https://www.tenable.com/plugins/nessus/216058
CVSS: LOW (0.0)
February 11th, 2025 (2 months ago)
|
|
CVE-2025-24892 |
Description: OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.
CVSS: LOW (3.5) EPSS Score: 0.05%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1153 |
Description: A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component. In GNU Binutils 2.43/2.44 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion bfd_set_format der Datei format.c. Durch Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Ein Aktualisieren auf die Version 2.45 vermag dieses Problem zu lösen. Der Patch wird als 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.14%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1152 |
Description: A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." Es wurde eine problematische Schwachstelle in GNU Binutils 2.43 entdeckt. Hiervon betroffen ist die Funktion xstrdup der Datei xstrdup.c der Komponente ld. Durch die Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.19%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1151 |
Description: A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." Eine Schwachstelle wurde in GNU Binutils 2.43 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion xmemdup der Datei xmemdup.c der Komponente ld. Mit der Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1150 |
Description: A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." In GNU Binutils 2.43 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion bfd_malloc der Datei libbfd.c der Komponente ld. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1149 |
Description: A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." Es wurde eine Schwachstelle in GNU Binutils 2.43 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion xstrdup der Datei libiberty/xmalloc.c der Komponente ld. Dank der Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.09%
February 11th, 2025 (2 months ago)
|