CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-9681

Description: Nessus Plugin ID 214799 with Medium Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of cmake / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://exam...

EPSS Score: 0.05%

Source: Tenable Plugins
January 30th, 2025 (5 months ago)
Description: Nessus Plugin ID 214800 with High Severity Synopsis The remote Ubuntu host is missing a security update. Description The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7243-1 advisory. It was discovered that VLC incorrectly handled memory when reading an MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.Tenable has extracted the preceding description block directly from the Ubuntu security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/214800
Source: Tenable Plugins
January 30th, 2025 (5 months ago)

CVE-2025-24085

Description: Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

EPSS Score: 0.21%

Source: CISA KEV
January 30th, 2025 (5 months ago)

CVE-2025-0762

Description: Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57665

Description: JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57513

Description: A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57510

Description: Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57509

Description: Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57439

Description: An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.

EPSS Score: 0.05%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57438

Description: Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.

EPSS Score: 0.05%

Source: CVE
January 30th, 2025 (5 months ago)