CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert regarding multiple vulnerabilities affecting Qardio's Heart Health mobile applications and the QardioARM A100 blood pressure monitor. The flaws, if exploited, could allow attackers to access sensitive personal information, disrupt device functionality, and extract firmware files. The vulnerabilities were reported to CISA by … The post Zero-Day Flaws Found in Qardio Heart Health iOS & Android Apps appeared first on CyberInsider.
Source: CyberInsider
February 14th, 2025 (5 months ago)

CVE-2020-11023

Description: Nessus Plugin ID 216255 with Medium Severity Synopsis The remote Oracle Linux host is missing a security update. Description The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1306 advisory. [13.3.1-2.2.0.1] - Merge Oracle patches to 13.3.1-2.2. gfortran needs install-info at installation time. Orabug: 36472775 [13.3.1-2.2] - disable jQuery use, don't ship jquery.js (CVE-2020-11023, RHEL-78279) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216255

CVSS: MEDIUM (6.9)

Source: Tenable Plugins
February 14th, 2025 (5 months ago)

CVE-2025-23083

Description: Nessus Plugin ID 216256 with High Severity Synopsis The remote Oracle Linux host is missing one or more security updates. Description The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1351 advisory. - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76001 RHEL-76146 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 - Backport nghttp2 patch for CVE-2024-28182 - Rebase to version 20.12.0 Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Addresses CVE-2024-25629 (c-ares) - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) - Fixes CVE-2023-44487 (nghttp) - Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 - Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high) - Address CVE-2023-32006, CVE-2023-32559 (medium) - Address CVE-2023-32005, CVE-2023-32003 (low) - Rebase to 18.16.1 Resolves: rhbz#2188290 rhbz#2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 - Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807 - R...

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: Tenable Plugins
February 14th, 2025 (5 months ago)

CVE-2024-12797

Description: Nessus Plugin ID 216257 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e0e44b1b98 advisory. Rebase to 3.2.4, fix CVE-2024-12797 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected 1:openssl package. Read more at https://www.tenable.com/plugins/nessus/216257

EPSS Score: 0.05%

Source: Tenable Plugins
February 14th, 2025 (5 months ago)

CVE-2025-24528

Description: Nessus Plugin ID 216258 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3e5228ee23 advisory. - Prevent overflow when calculating ulog block size (CVE-2025-24528) - Support PKCS11 EC client certs in PKINIT - kdb5_util: fix DB entry flags on modification - Add ECDH support for PKINIT (RFC5349) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected krb5 package. Read more at https://www.tenable.com/plugins/nessus/216258
Source: Tenable Plugins
February 14th, 2025 (5 months ago)
Description: Nessus Plugin ID 216259 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-33e7714792 advisory. Update to 3.13.2 ---- Statically build the `_datetime` module into libpython. This fixes a segfault when importing it from Python 3.13.0 updated to 3.13.1+ while running. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected python3.13 package. Read more at https://www.tenable.com/plugins/nessus/216259
Source: Tenable Plugins
February 14th, 2025 (5 months ago)
Description: Valve has removed the game PirateFi from Steam after discovering that its builds contained suspected malware. The company issued warnings to affected users, advising them to conduct a full-system antivirus scan and even consider a complete operating system reformat to remove potential threats. The issue came to light when Valve identified malicious files within PirateFi … The post Valve Removes Steam Game “PirateFi” After Malware Discovery appeared first on CyberInsider.
Source: CyberInsider
February 14th, 2025 (5 months ago)
Source: TheRegister
February 14th, 2025 (5 months ago)
Description: "THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."
Source: 404 Media
February 14th, 2025 (5 months ago)

CVE-2025-1094

Description: Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: TheHackerNews
February 14th, 2025 (5 months ago)