Description:
Nessus Plugin ID 215047 with Medium Severity
Synopsis
The remote Oracle Linux host is missing a security update.
Description
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1066 advisory.

[128.7.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[128.7.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)

[128.7.0-1]
- Update to 128.7.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected firefox and / or firefox-x11 packages.
Read more at https://www.tenable.com/plugins/nessus/215047
February 6th, 2025 (5 months ago)
Description: Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.
February 6th, 2025 (5 months ago)
Description: In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.
February 6th, 2025 (5 months ago)
CVE-2025-25246
Description: NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
CVE-2025-24805
Description: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes for which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
CVE-2025-24804
Description: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, a bundle ID must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `CFBundleIdentifier` value. When the application parses the invalid characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
CVE-2025-24803
Description: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, a bundle ID must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `CFBundleIdentifier` value. The `dynamic_analysis.html` file does not sanitize the bundle value received from Corellium, and as a result it is possible to break the HTML context and achieve Stored XSS. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.4) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
CVE-2025-24497
Description: When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
CVE-2025-24372
Description: CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that, when executed, could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads, users can set: `ckan.upload.user.types = none`.
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)