CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0111 |
CVSS: HIGH (7.1) EPSS Score: 2.94%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-1198 |
Description:
Nessus Plugin ID 216222 with Medium Severity
Synopsis
The version of GitLab installed on the remote host is affected by a vulnerability.
Description
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results. (CVE-2025-1198)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to GitLab version 17.6.5, 17.7.4, 17.8.2 or later.
Read more at https://www.tenable.com/plugins/nessus/216222
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2023-4039 |
Description:
Nessus Plugin ID 216223 with Medium Severity
Synopsis
The remote Oracle Linux host is missing a security update.
Description
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1301 advisory. - Merge Oracle patches to 8.5.0-23. Oracle history: May-22-2024 Qing Zhao 8.5.0-22.0.1 - Merge Oracle patches to 8.5.0-22. Reviewed-by: Jose E. Marchesi March-27-2024 Qing Zhao 8.5.0-21.0.1 - Merge Oracle patches to 8.5.0-21. January-19-2024 Qing Zhao 8.5.0-20.0.3 - Fix Orabug 35283123, i.e, the same bug as GCC PR111407. gcc14-pr111407.patch Reviewed-by: Jose E. Marchesi January-5-2024 Jose E. Marchesi 8.5.0-20.0.2 - Restore support for -mpreserve-args in aarch64 targets, adapted to new AArch64 stack frame layout. Reviewed-by: Cupertino Miranda October-4-2023 David Faust 8.5.0-20.0.1 - Forward-port Oracle patches Reviewed-by: Jose E. Marchesi September-28-2023 David Faust 8.5.0-18.0.6 - Backport additional patches from gcc-9 to fix CVE-2023-4039 patches interaction with backported aarch64 -fstack-clash-protection support. [Orabug 35843962] Reviewed-by: Jose E. Marchesi August-31-2023 Qing Zhao 8.5.0-18.0.5 - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-...
CVSS: MEDIUM (4.8)
February 13th, 2025 (5 months ago)
|
|
CVE-2024-53240 |
Description:
Nessus Plugin ID 216224 with High Severity
Synopsis
The remote Oracle Linux host is missing one or more security updates.
Description
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20100 advisory. - xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240} - net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661} - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670} - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150} - bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615} - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586} - leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587} - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593} - drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 3743...
February 13th, 2025 (5 months ago)
|
|
CVE-2025-0938 |
Description:
Nessus Plugin ID 216225 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3726ae12e9 advisory. Security fix for CVE-2025-0938Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected python3.14 package.
Read more at https://www.tenable.com/plugins/nessus/216225
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-0938 |
Description:
Nessus Plugin ID 216226 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-10e053d399 advisory. Security fix for CVE-2025-0938Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected python3.10 package.
Read more at https://www.tenable.com/plugins/nessus/216226
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-21490 |
Description:
Nessus Plugin ID 216227 with Medium Severity
Synopsis
The remote database server is affected by a vulnerability.
Description
The version of MariaDB installed on the remote host is prior to 11.7.2. It is, therefore, affected by a vulnerability as referenced in the mdb-1172-rn advisory. - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2025-21490)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MariaDB version 11.7.2 or later.
Read more at https://www.tenable.com/plugins/nessus/216227
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2024-11218 |
Description:
Nessus Plugin ID 216228 with High Severity
Synopsis
The remote Red Hat host is missing a security update for container-tools:rhel8.
Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1372 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (CVE-2024-11218) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL container-tools:rhel8 package based on the guidance in RHSA-2025:1372.
Read more at https://www.tenable.com/plugins/nessus/216228
EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2024-56201 |
Description:
Nessus Plugin ID 216229 with Medium Severity
Synopsis
The remote Red Hat host is missing one or more security updates for OpenShift Container Platform 4.13.55.
Description
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1118 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.55. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2025:1116 Security Fix(es): * jinja2: Jinja has a sandbox breakout through malicious filenames (CVE-2024-56201) * jinja2: Jinja has a sandbox breakout through indirect reference to format method (CVE-2024-56326) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/c...
CVSS: MEDIUM (5.4)
February 13th, 2025 (5 months ago)
|
|
Description: Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
February 13th, 2025 (5 months ago)
|