CVE-2025-27534 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through missing release of memory.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-25057 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through missing release of memory.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-24304 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through out-of-bounds write.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-22842 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-22452 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-20102 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DOS through out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-32366 |
Description: In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen).
CVSS: LOW (3.7) EPSS Score: 0.06%
April 6th, 2025 (3 months ago)
|
CVE-2024-45337 |
Description:
Nessus Plugin ID 233885 with Critical Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1142-1 advisory.
- CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563).
Other fixes:
- Updated to version 20250327.01 (bsc#1239763, bsc#1239866)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
- from version 20250327.00
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata scrip...
CVSS: LOW (0.0)
April 5th, 2025 (3 months ago)
|
CVE-2024-45337 |
Description:
Nessus Plugin ID 233886 with Critical Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1143-1 advisory.
- CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563).
Other fixes:
- Updated to version 20250327.01 (bsc#1239763, bsc#1239866)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
- from version 20250327.00
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce ...
CVSS: LOW (0.0)
April 5th, 2025 (3 months ago)
|
CVE-2024-42208 |
Description: HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS: LOW (3.5) EPSS Score: 0.03%
April 4th, 2025 (3 months ago)
|