CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-53197	Linux Distros Unpatched Vulnerability : CVE-2024-53197 Description: Nessus Plugin ID 230696 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of- bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out- of-bounds accesses later, e.g. in usb_destroy_configuration. (CVE-2024-53197)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230696 Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2025-0306	Linux Distros Unpatched Vulnerability : CVE-2025-0306 Description: Nessus Plugin ID 230697 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. (CVE-2025-0306)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230697 Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-50235	Linux Distros Unpatched Vulnerability : CVE-2024-50235 Description: Nessus Plugin ID 230698 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then destroyed later, running this code again, which results in a double-free. (CVE-2024-50235)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230698 EPSS Score: 0.03% Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-53078	Linux Distros Unpatched Vulnerability : CVE-2024-53078 Description: Nessus Plugin ID 230699 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix NULL vs IS_ERR() check in probe() The iommu_paging_domain_alloc() function doesn't return NULL pointers, it returns error pointers. Update the check to match. (CVE-2024-53078)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230699 EPSS Score: 0.03% Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-49944	Linux Distros Unpatched Vulnerability : CVE-2024-49944 Description: Nessus Plugin ID 230700 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline] (CVE-2024-49944)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230700 EPSS Score: 0.03% Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2025-22376	Linux Distros Unpatched Vulnerability : CVE-2025-22376 Description: Nessus Plugin ID 230701 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. (CVE-2025-22376)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230701 Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2025-21665	Linux Distros Unpatched Vulnerability : CVE-2025-21665 Description: Nessus Plugin ID 230702 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs filesystem. (CVE-2025-21665)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230702 Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-50084	Linux Distros Unpatched Vulnerability : CVE-2024-50084 Description: Nessus Plugin ID 230703 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad (net: microchip: vcap: Fix use-after-free error in kunit test) fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm kunit_try_catch, pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d... 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................ backtrace (crc 9c09c3fe): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4 [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0400 (size 64): co... CVSS: LOW (0.0) Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-49878	Linux Distros Unpatched Vulnerability : CVE-2024-49878 Description: Nessus Plugin ID 230704 with Medium Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes System RAM (kmem) a descendant of CXL Window X. This confuses region_intersects(), which expects all System RAM resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be Operation not permitted instead of Bad address. M... EPSS Score: 0.05% Source: Tenable Plugins March 6th, 2025 (4 months ago)
CVE-2024-7545	Linux Distros Unpatched Vulnerability : CVE-2024-7545 Description: Nessus Plugin ID 230705 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23458. (CVE-2024-7545)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230705 Source: Tenable Plugins March 6th, 2025 (4 months ago)