CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2021-36090	Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841) Description: Nessus Plugin ID 216815 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update apache-commons-compress --releasever 2023.6.20250211' to update your system. Read more at https://www.tenable.com/plugins/nessus/216815 Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-11079	Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-860) Description: Nessus Plugin ID 216816 with Medium Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-860 advisory. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. (CVE-2024-11079)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update ansible-core --releasever 2023.6.20250218' to update your system. Read more at https://www.tenable.com/plugins/nessus/216816 Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2023-45924	Amazon Linux 2023 : libglvnd, libglvnd-core-devel, libglvnd-devel (ALAS2023-2025-861) Description: Nessus Plugin ID 216817 with Critical Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-861 advisory. libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. (CVE-2023-45924)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update libglvnd --releasever 2023.6.20250218' to update your system. Read more at https://www.tenable.com/plugins/nessus/216817 Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-45802	Amazon Linux 2023 : squid (ALAS2023-2025-857) Description: Nessus Plugin ID 216818 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-857 advisory. Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. (CVE-2024-45802)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update squid --releasever 2023.6.20250218' to update your system. Read more at https://www.tenable.com/plugins/nessus/216818 CVSS: HIGH (7.5) Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-35966	Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-063) Description: Nessus Plugin ID 216819 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.15.178-120.178. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-063 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input (CVE-2024-35966) In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899) In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707) In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount (CVE-2024-49960) In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (CVE-2024-50304) In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672) In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF afte... Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-10458	Amazon Linux 2 : thunderbird (ALAS-2025-2765) Description: Nessus Plugin ID 216820 with Medium Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2765 advisory. A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10458) An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10459) The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10460) In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. (CVE-2024-10461) Truncation of a long URL could have allowed or... Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-57635	Amazon Linux 2 : virtuoso-opensource (ALAS-2025-2755) Description: Nessus Plugin ID 216821 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of virtuoso-opensource installed on the remote host is prior to 7.2.14-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2755 advisory. An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57635) An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57636) An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57637) An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57638) An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57639) An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57640) An issue in the sqlexp component of op... Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-4032	Amazon Linux 2 : python-ipaddress (ALAS-2025-2761) Description: Nessus Plugin ID 216822 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of python-ipaddress installed on the remote host is prior to 1.0.16-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2761 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. (CVE-2024-4032)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update python-ipaddress' to update your system. Read more at https://www.tenable.com/plugins/nessus/216822 Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-11233	Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845) Description: Nessus Plugin ID 216823 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a DoS. (CVE-2024-11233) The upstream advisory describes this issue as follows: Configuring a proxy in a stream context might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. (CVE-2024-11234) Erroneous parsing of multipart form data NOTE: Fixed in 8.3.12, 8.2.24NOTE: https://github.com/php/php- src/security/advisories/GHSA-9pqp-7h25-4f32NOTE: https://github.com/php/php- src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24) (CVE-2024-8925) cgi.force_redirect configuration is byppassible due to the environment variable collision NOTE: Fixed in 8.3.12, 8.2.24NOTE: https://github.com/php/php- src/security/advisories/GHSA-94p6-54jq-9mwpNOTE: https://github.com/php/php- src/commit/48808d98f4fc2a05193cdcc1aedd6c668... Source: Tenable Plugins February 26th, 2025 (4 months ago)
CVE-2024-4032	Amazon Linux 2 : python3 (ALAS-2025-2762) Description: Nessus Plugin ID 216824 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2762 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. (CVE-2024-4032)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update python3' to update your system. Read more at https://www.tenable.com/plugins/nessus/216824 Source: Tenable Plugins February 26th, 2025 (4 months ago)