CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2022-48174

Description: Nessus Plugin ID 216343 with Critical Severity. Synopsis: The remote CBL Mariner host is missing one or more security updates. Description: The version of busybox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-48174 advisory.
- There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. (CVE-2022-48174)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216343

CVSS: CRITICAL (9.8)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2024-54543

Description: Nessus Plugin ID 216344 with High Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3e8ed13bf0 advisory. Update to WebKitGTK 2.46.6:
* Fix a crash when enabling Skia CPU rendering.
* Fix several crashes and rendering issues.
* Fix CVE-2024-54543, CVE-2025-24143, CVE-2025-24150, CVE-2025-24158, CVE-2025-24162
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected webkitgtk package. Read more at https://www.tenable.com/plugins/nessus/216344

EPSS Score: 0.08%

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2025-23419

Description: Nessus Plugin ID 216345 with Medium Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-66ebd291f8 advisory. Changes with nginx 1.26.3 (05 Feb 2025):
*) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).
*) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars.
*) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used.
*) Bugfix: nginx now ignores QUIC version negotiation packets from clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module.
*) Bugfixes in HTTP/3.
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenab...

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2024-41311

Description: Nessus Plugin ID 216346 with High Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-666aaa6a0d advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. **NOTE:** `heif-convert` tool was renamed to `heif-dec`. How to test: Download and unzip sample images from [mastodon issue #31570](https://github.com/user-attachments/files/16734152/HEIF-images.zip). Try opening them with e.g. `loupe` or `gimp`. They fail to open with `libheif-1.17.6`, but should open successfully with `libheif-1.19.5`. Fixes [CVE-2024-41311](https://github.com/advisories/GHSA-mwf7-wfvq-vc32). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected libheif package. Read more at https://www.tenable.com/plugins/nessus/216346

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2024-41311

Description: Nessus Plugin ID 216347 with High Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. **NOTE:** `heif-convert` tool was renamed to `heif-dec`. How to test: Download and unzip sample images from [mastodon issue #31570](https://github.com/user-attachments/files/16734152/HEIF-images.zip). Try opening them with e.g. `loupe` or `gimp`. They fail to open with `libheif-1.17.6`, but should open successfully with `libheif-1.19.5`. Fixes [CVE-2024-41311](https://github.com/advisories/GHSA-mwf7-wfvq-vc32). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected libheif package. Read more at https://www.tenable.com/plugins/nessus/216347

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2025-23419

Description: Nessus Plugin ID 216348 with Medium Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 (05 Feb 2025):
*) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).
*) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars.
*) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used.
*) Bugfix: nginx now ignores QUIC version negotiation packets from clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module.
*) Bugfixes in HTTP/3.
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenab...

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2025-24528

Description: Nessus Plugin ID 216349 with Medium Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-61b9344baf advisory.
- Prevent overflow when calculating ulog block size (CVE-2025-24528)
- Support PKCS11 EC client certs in PKINIT
- kdb5_util: fix DB entry flags on modification
- Add ECDH support for PKINIT (RFC5349)
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected krb5 package. Read more at https://www.tenable.com/plugins/nessus/216349

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

Description: Nessus Plugin ID 216350 with Medium Severity. Synopsis: The remote PhotonOS host is missing multiple security updates. Description: An update of the linux package has been released. Solution: Update the affected Linux packages. Read more at https://www.tenable.com/plugins/nessus/216350

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2025-26819

Description: Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26791

Description: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVSS: MEDIUM (4.5)

EPSS Score: 0.05%

Source: CVE
February 15th, 2025 (5 months ago)