CVE-2025-24014 |
Description:
Nessus Plugin ID 214796 with Medium Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of vim installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24014 advisory. - Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling, however, may be triggering a redraw, which will access the ScreenLines pointer, even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. (CVE-2025-24014) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/214796
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2024-23807 |
Description:
Nessus Plugin ID 214797 with Critical Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of xerces-c installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23807 advisory. - The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4. (CVE-2024-23807) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/214797
January 30th, 2025 (5 months ago)
|
CVE-2023-45322 |
Description:
Nessus Plugin ID 214798 with Medium Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45322 advisory. - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." (CVE-2023-45322) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/214798
January 30th, 2025 (5 months ago)
|
CVE-2024-9681 |
Description:
Nessus Plugin ID 214799 with Medium Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of cmake / curl installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://exam...
EPSS Score: 0.05%
January 30th, 2025 (5 months ago)
|
Description:
Nessus Plugin ID 214800 with High Severity
Synopsis
The remote Ubuntu host is missing a security update.
Description
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7243-1 advisory. It was discovered that VLC incorrectly handled memory when reading an MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/214800
January 30th, 2025 (5 months ago)
|
CVE-2024-56201 |
Description:
Nessus Plugin ID 214801 with Medium Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7244-1 advisory. It was discovered that Jinja2 incorrectly handled certain filenames when compiling template content. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-56201) It was discovered that Jinja2 incorrectly handled string formatting calls. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-56326) Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected python-jinja2 and / or python3-jinja2 packages.
Read more at https://www.tenable.com/plugins/nessus/214801
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 30th, 2025 (5 months ago)
|
CVE-2025-24085 |
Description: Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges.
EPSS Score: 0.21%
January 30th, 2025 (5 months ago)
|
CVE-2025-24884 |
Description: kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2025-24882 |
Description: regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.
CVSS: MEDIUM (5.2) EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|
CVE-2025-24795 |
Description: The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
January 30th, 2025 (5 months ago)
|