CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-43790	SUSE SLES12 Security Update : vim (SUSE-SU-2025:0722-1) Description: Nessus Plugin ID 216882 with Low Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0722-1 advisory. Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected gvim, vim, vim-data and / or vim-data-common packages. Read more at https://www.tenable.com/plugins/nessus/216882 Source: Tenable Plugins February 27th, 2025 (5 months ago)
	SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for Maven (SUSE-SU-2025:0719-1) Description: Nessus Plugin ID 216883 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0719-1 advisory. maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: * Bug fixes and improved support of dynamic types * Dependency upgrades (ASM, Maven core, and notably the removal of commons-io) * Improved error handling by logging instead of failing * Improved dependency usage tracking maven-dependency-plugin was updated from version 3.6.0 to 3.8.1: - Key changes across versions: * Dependency upgrades on maven-dependency-analyzer and Doxia * Deprecated dependency:sources in favor of dependency:resolve-sources * Documentation improvements * New dependency analysis goal to check for invalid exclusions * New JSON output option for dependency:tree * Performance improvements * Several bug fixes addressing: - The handling of silent parameters - The display of the optional flag in the tree - The clarity of some error messages maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0: - Key changes across versions: * New features: - Passing the input filename to the parser - Adding a timezone fiel... Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26594	SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2025:0732-1) Description: Nessus Plugin ID 216884 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0732-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-extra and / or xorg-x11-server-sdk packages. Read more at https://www.tenable.com/plugins/nessus/216884 EPSS Score: 0.02% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26594	SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2025:0734-1) Description: Nessus Plugin ID 216885 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0734-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server and / or xorg-x11-server-extra packages. Read more at https://www.tenable.com/plugins/nessus/216885 EPSS Score: 0.02% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26465	Azure Linux 3.0 Security Update: openssh (CVE-2025-26465) Description: Nessus Plugin ID 216886 with Medium Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of openssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26465 advisory. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. (CVE-2025-26465)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216886 EPSS Score: 11.5% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2023-5992	CBL Mariner 2.0 Security Update: opensc (CVE-2023-5992) Description: Nessus Plugin ID 216889 with Medium Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5992 advisory. - A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side- channel resistant. This issue May result in the potential leak of private data. (CVE-2023-5992)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216889 Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26465	CBL Mariner 2.0 Security Update: openssh (CVE-2025-26465) Description: Nessus Plugin ID 216894 with Medium Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of openssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26465 advisory. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. (CVE-2025-26465)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216894 EPSS Score: 11.5% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26594	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xwayland (SUSE-SU-2025:0729-1) Description: Nessus Plugin ID 216898 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0729-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xwayland and / or xwayland-devel packages. Read more at https://www.tenable.com/plugins/nessus/216898 EPSS Score: 0.02% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26594	SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2025:0731-1) Description: Nessus Plugin ID 216899 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0731-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-Xvfb, xorg-x11-server-extra and / or xorg-x11-server-sdk packages. Read more at https://www.tenable.com/plugins/nessus/216899 EPSS Score: 0.02% Source: Tenable Plugins February 27th, 2025 (5 months ago)
CVE-2025-26594	SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2025:0733-1) Description: Nessus Plugin ID 216900 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0733-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-extra, xorg-x11-server-sdk and / or xorg-x11-server-wayland packages. Read more at https://www.tenable.com/plugins/nessus/216900 EPSS Score: 0.02% Source: Tenable Plugins February 27th, 2025 (5 months ago)