CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-26710
powerpc/kasan: Limit KASAN thread size increase to 32KB
Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB.

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-26001
PHOENIX CONTACT: Out of bounds write only memory access
Description: An unauthenticated remote attacker can write&nbsp;memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

CVSS: HIGH (7.4)

EPSS Score: 0.2%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-26000
PHOENIX CONTACT: Out of bounds read only memory access
Description: An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack.&nbsp;The brute force attack is not always successful because of memory randomization.

CVSS: MEDIUM (5.9)

EPSS Score: 0.19%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-25998
PHOENIX CONTACT: Command injection in the OCPP Service
Description: An unauthenticated remote attacker can perform a command injection&nbsp;in the OCPP&nbsp;Service with limited privileges due to improper input validation.

CVSS: HIGH (7.3)

EPSS Score: 0.07%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-25994
PHOENIX CONTACT: Unintended script file upload in CHARX Series
Description: An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation.&nbsp;The upload destination is fixed and is write only.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-25034
IBM Planning Analytics file upload
Description: IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

CVSS: HIGH (8.0)

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-24451
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to...
Description: A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-24442
A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to...
Description: A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-1488
Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
Description: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (6 months ago)

CVE-2024-13698
Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Ima...
Description: The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (6 months ago)