CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-53104	Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks Description: Google has released the February 2025 Android security update, addressing a total of 48 vulnerabilities, including an actively exploited zero-day flaw tracked as CVE-2024-53104. The update is available for Android 12 through Android 15 devices and contains fixes for multiple security issues across the Framework, System, Kernel, and vendor components. The actively exploited vulnerability, tracked … The post Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks appeared first on CyberInsider. EPSS Score: 0.04% Source: CyberInsider February 4th, 2025 (5 months ago)
	Google patches odd Android kernel security bug amid signs of targeted exploitation Source: TheRegister February 4th, 2025 (5 months ago)
CVE-2024-10929	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-092) Description: Nessus Plugin ID 214921 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.4.289-204.398. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-092 advisory. Placeholder CVE. Details forthcoming (CVE-2024-10929) In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884) In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936) In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/214921 EPSS Score: 0.04% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-45337	Amazon Linux 2 : containerd (ALASECS-2025-046) Description: Nessus Plugin ID 214922 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-046 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that A call to this function does not guarantee that the key offered is in fact used to authenticate. Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actual... EPSS Score: 0.05% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-45337	Amazon Linux 2 : containerd (ALASDOCKER-2025-049) Description: Nessus Plugin ID 214923 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that A call to this function does not guarantee that the key offered is in fact used to authenticate. Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not act... EPSS Score: 0.05% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-10929	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-081) Description: Nessus Plugin ID 214924 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.10.233-224.894. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-081 advisory. Placeholder CVE. Details forthcoming (CVE-2024-10929) In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067) In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/214924 EPSS Score: 0.04% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-10929	Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-062) Description: Nessus Plugin ID 214925 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.15.176-118.178. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-062 advisory. Placeholder CVE. Details forthcoming (CVE-2024-10929) In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067) In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242) In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246) In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle (CVE-2024-56658)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/214925 EPSS Score: 0.04% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-45337	Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-050) Description: Nessus Plugin ID 214926 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of runfinch-finch installed on the remote host is prior to 1.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-050 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that A call to this function does not guarantee that the key offered is in fact used to authenticate. Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not ... EPSS Score: 0.05% Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2021-47483	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-093) Description: Nessus Plugin ID 214927 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.4.162-86.275. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2025-093 advisory. In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() (CVE-2021-47483)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/214927 Source: Tenable Plugins February 4th, 2025 (5 months ago)
CVE-2024-45337	Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-049) Description: Nessus Plugin ID 214928 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that A call to this function does not guarantee that the key offered is in fact used to authenticate. Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does... EPSS Score: 0.05% Source: Tenable Plugins February 4th, 2025 (5 months ago)