CVE-2024-9681 |
Description:
Nessus Plugin ID 214799 with Medium Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of cmake / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://exam...
EPSS Score: 0.05%
January 30th, 2025 (5 months ago)
|
![]() |
Description:
Nessus Plugin ID 214800 with High Severity
Synopsis
The remote Ubuntu host is missing a security update.
Description
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7243-1 advisory. It was discovered that VLC incorrectly handled memory when reading an MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.Tenable has extracted the preceding description block directly from the Ubuntu security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/214800
January 30th, 2025 (5 months ago)
|
CVE-2025-24085 |
Description: Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
EPSS Score: 0.21%
January 30th, 2025 (5 months ago)
|
CVE-2025-0762 |
Description: Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-57665 |
Description: JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.
EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-57513 |
Description: A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.
EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-57510 |
Description: Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.
EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-57509 |
Description: Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.
EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-57439 |
Description: An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.
EPSS Score: 0.05%
January 30th, 2025 (5 months ago)
|
CVE-2024-57438 |
Description: Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
EPSS Score: 0.05%
January 30th, 2025 (5 months ago)
|