CyberAlerts

MITRE Contract Expiration Threatens Global Vulnerability Coordination

Description: A critical U.S. government contract that underpins MITRE's stewardship of the Common Vulnerabilities and Exposures (CVE) program is set to expire today, raising concerns about potential disruptions to one of the cybersecurity industry's most vital coordination mechanisms. MITRE, the nonprofit organization that has operated the CVE system since its inception in 1999, has warned stakeholders … The post MITRE Contract Expiration Threatens Global Vulnerability Coordination appeared first on CyberInsider.

Source: CyberInsider

April 16th, 2025 (6 days ago)

Oracle Linux 8 : glibc (ELSA-2025-3828)

Description: Nessus Plugin ID 234459 with High Severity Synopsis The remote Oracle Linux host is missing a security update. Description The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3828 advisory. [2.28-251.0.3.16] - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of Oracle patches Reviewed-by: David Faust February-19-2025 Cupertino Miranda - 2.28-251.0.2.13 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi January-28-2025 Cupertino Miranda - 2.28-251.0.2.11 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi September-24-2024 Cupertino Miranda - 2.28-251.0.2.5 - Forward port of Oracle patches over 2.28-251.5 Reviewed-by: Jose E. Marchesi August-26-2024 Jose E. Marchesi - 2.28-251.0.2.4 - Forward port of Oracle patches over 2.28-251.4 Reviewed-by: David Faust May-24-2024 Cupertino Miranda - 2.28-251.0.2.2 - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches ...

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 40 : dnf (2025-21c36b3aa5)

Description: Nessus Plugin ID 234460 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-21c36b3aa5 advisory. This releases preserves enablement state of dnf-automatic.timer when upgrading to Fedora 41.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected dnf package. Read more at https://www.tenable.com/plugins/nessus/234460

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 41 : golang (2025-77ace1a41b)

Description: Nessus Plugin ID 234461 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-77ace1a41b advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. [Full changelog](https://github.com/golang/go/issues?q=milestone%3AGo1.23.8+label%3ACherryPickApproved).Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected golang package. Read more at https://www.tenable.com/plugins/nessus/234461

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 41 : dotnet9.0 (2025-2edd9dc83b)

Description: Nessus Plugin ID 234462 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2edd9dc83b advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md - Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.mdTenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected dotnet9.0 package. Read more at https://www.tenable.com/plugins/nessus/234462

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 41 : perl-Crypt-URandom-Token / perl-DBIx-Class-EncodedColumn (2025-0a8c805972)

Description: Nessus Plugin ID 234463 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-0a8c805972 advisory. Needed for perl-DBIx-Class-EncodedColumn-0.11Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected perl-Crypt-URandom-Token and / or perl-DBIx-Class-EncodedColumn packages. Read more at https://www.tenable.com/plugins/nessus/234463

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 41 : lemonldap-ng (2025-273b88cf62)

Description: Nessus Plugin ID 234464 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-273b88cf62 advisory. See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected lemonldap-ng package. Read more at https://www.tenable.com/plugins/nessus/234464

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 41 : podman-tui (2025-f1d2ae375e)

Description: Nessus Plugin ID 234465 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f1d2ae375e advisory. release 1.5.0Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected podman-tui package. Read more at https://www.tenable.com/plugins/nessus/234465

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 40 : mariadb10.11 (2025-e317a33d16)

Description: Nessus Plugin ID 234466 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e317a33d16 advisory. **MariaDB 10.11.11** Release notes: https://mariadb.com/kb/en/mariadb-10-11-11-release-notes/Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected 3:mariadb10.11 package. Read more at https://www.tenable.com/plugins/nessus/234466

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Fedora 40 : php-tcpdf (2025-b5809de628)

Description: Nessus Plugin ID 234467 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b5809de628 advisory. ## Version 6.9.1 (2025-04-03) - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- ## Version 6.9.0 (2025-03-30) - Added PHP 8.4 testing. - Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead). - Fix composer.json.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected php-tcpdf package. Read more at https://www.tenable.com/plugins/nessus/234467

Source: Tenable Plugins

April 16th, 2025 (6 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	MITRE Contract Expiration Threatens Global Vulnerability Coordination Description: A critical U.S. government contract that underpins MITRE's stewardship of the Common Vulnerabilities and Exposures (CVE) program is set to expire today, raising concerns about potential disruptions to one of the cybersecurity industry's most vital coordination mechanisms. MITRE, the nonprofit organization that has operated the CVE system since its inception in 1999, has warned stakeholders … The post MITRE Contract Expiration Threatens Global Vulnerability Coordination appeared first on CyberInsider. Source: CyberInsider April 16th, 2025 (6 days ago)
	Oracle Linux 8 : glibc (ELSA-2025-3828) Description: Nessus Plugin ID 234459 with High Severity Synopsis The remote Oracle Linux host is missing a security update. Description The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3828 advisory. [2.28-251.0.3.16] - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of Oracle patches Reviewed-by: David Faust February-19-2025 Cupertino Miranda - 2.28-251.0.2.13 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi January-28-2025 Cupertino Miranda - 2.28-251.0.2.11 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi September-24-2024 Cupertino Miranda - 2.28-251.0.2.5 - Forward port of Oracle patches over 2.28-251.5 Reviewed-by: Jose E. Marchesi August-26-2024 Jose E. Marchesi - 2.28-251.0.2.4 - Forward port of Oracle patches over 2.28-251.4 Reviewed-by: David Faust May-24-2024 Cupertino Miranda - 2.28-251.0.2.2 - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches ... Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 40 : dnf (2025-21c36b3aa5) Description: Nessus Plugin ID 234460 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-21c36b3aa5 advisory. This releases preserves enablement state of dnf-automatic.timer when upgrading to Fedora 41.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected dnf package. Read more at https://www.tenable.com/plugins/nessus/234460 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 41 : golang (2025-77ace1a41b) Description: Nessus Plugin ID 234461 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-77ace1a41b advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. [Full changelog](https://github.com/golang/go/issues?q=milestone%3AGo1.23.8+label%3ACherryPickApproved).Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected golang package. Read more at https://www.tenable.com/plugins/nessus/234461 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 41 : dotnet9.0 (2025-2edd9dc83b) Description: Nessus Plugin ID 234462 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2edd9dc83b advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md - Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.mdTenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected dotnet9.0 package. Read more at https://www.tenable.com/plugins/nessus/234462 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 41 : perl-Crypt-URandom-Token / perl-DBIx-Class-EncodedColumn (2025-0a8c805972) Description: Nessus Plugin ID 234463 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-0a8c805972 advisory. Needed for perl-DBIx-Class-EncodedColumn-0.11Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected perl-Crypt-URandom-Token and / or perl-DBIx-Class-EncodedColumn packages. Read more at https://www.tenable.com/plugins/nessus/234463 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 41 : lemonldap-ng (2025-273b88cf62) Description: Nessus Plugin ID 234464 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-273b88cf62 advisory. See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected lemonldap-ng package. Read more at https://www.tenable.com/plugins/nessus/234464 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 41 : podman-tui (2025-f1d2ae375e) Description: Nessus Plugin ID 234465 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f1d2ae375e advisory. release 1.5.0Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected podman-tui package. Read more at https://www.tenable.com/plugins/nessus/234465 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 40 : mariadb10.11 (2025-e317a33d16) Description: Nessus Plugin ID 234466 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e317a33d16 advisory. MariaDB 10.11.11 Release notes: https://mariadb.com/kb/en/mariadb-10-11-11-release-notes/Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected 3:mariadb10.11 package. Read more at https://www.tenable.com/plugins/nessus/234466 Source: Tenable Plugins April 16th, 2025 (6 days ago)
	Fedora 40 : php-tcpdf (2025-b5809de628) Description: Nessus Plugin ID 234467 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b5809de628 advisory. ## Version 6.9.1 (2025-04-03) - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- ## Version 6.9.0 (2025-03-30) - Added PHP 8.4 testing. - Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead). - Fix composer.json.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected php-tcpdf package. Read more at https://www.tenable.com/plugins/nessus/234467 Source: Tenable Plugins April 16th, 2025 (6 days ago)