
Threat and Vulnerability Intelligence Database

Description: Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.
Source: Dark Reading
February 11th, 2025 (5 months ago)

CVE-2025-1230

Description: Cross-Site Scripting (XSS) vulnerability in Prestashop

Notice published: Tue, 02/11/2025 - 14:09

Affected Resources: Prestashop, version 8.1.7.

Description: INCIBE has coordinated the publication of a medium severity vulnerability affecting Prestashop, a free open source platform designed to create and manage e-commerce, which has been discovered by David Aparicio Salcedo. This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

CVE-2025-1230: CVSS v3.1: 4.8 | CVSS AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CWE-79

Identifier: INCIBE-2025-0072
Severity: 3 - Medium

Solution: The manufacturer is working on a fix for this vulnerability. It is recommended to update to the latest version available.

Detail: CVE-2025-1230: Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

References list: Prestashop
Tags: 0day ...

EPSS Score: 0.04%

Source: Incibe CERT
February 11th, 2025 (5 months ago)
Description: Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS

Source: TheHackerNews
February 11th, 2025 (5 months ago)

Description: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical

Source: TheHackerNews
February 11th, 2025 (5 months ago)

Description: Nessus Plugin ID 216045 with Medium Severity

Synopsis: The remote Oracle Linux host is missing a security update.

Description: The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1215 advisory. [2018.2-10.1] - Remove jQuery from Doxygen files (RHEL-77669) [2018.2-10] - Apply patches from (BZ #1907561) - Bump release. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216045

Source: Tenable Plugins
February 11th, 2025 (5 months ago)

Description: Nessus Plugin ID 216046 with Medium Severity

Synopsis: The remote Oracle Linux host is missing a security update.

Description: The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1210 advisory. [2020.3-8.1] - Remove jQuery from Doxygen output (RHEL-77693). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216046

Source: Tenable Plugins
February 11th, 2025 (5 months ago)

CVE-2025-24898

Description: Nessus Plugin ID 216047 with Medium Severity

Synopsis: The remote Debian host is missing a security-related update.

Description: The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4049 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4049-1        [email protected]
https://www.debian.org/lts/security/                  Andrej Shadura
February 11, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : rust-openssl
Version : 0.10.29-1+deb11u1
CVE ID  : CVE-2025-24898

A vulnerability has been discovered in rust-openssl, a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. This security update fixes the signature of ssl::select_next_proto to properly constrain the output buffer's lifetime to that of both input buffers. In standard usage of ssl::select_next_proto ...

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: Tenable Plugins
February 11th, 2025 (5 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216048 with High Severity

Synopsis: The remote Red Hat host is missing a security update for kernel.

Description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1266 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
* kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the RHEL kernel package based on the guidance in RHSA-2025:1266. Read more at https://www.tenable.com/plugins/nessus/216048

CVSS: LOW (0.0)

Source: Tenable Plugins
February 11th, 2025 (5 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216049 with High Severity

Synopsis: The remote Red Hat host is missing one or more security updates for kernel-rt.

Description: The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1269 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):
* kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)
* kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution: Update the RHEL kernel-rt package based on the guidance in RHSA-2025:1269. Read more at https://www.tenable.com/plugins/nessus/216049

CVSS: LOW (0.0)

Source: Tenable Plugins
February 11th, 2025 (5 months ago)