CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-43790

Description: Nessus Plugin ID 216882 with Low Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0722-1 advisory. Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected gvim, vim, vim-data and / or vim-data-common packages. Read more at https://www.tenable.com/plugins/nessus/216882
Source: Tenable Plugins
February 27th, 2025 (5 months ago)
Description: Nessus Plugin ID 216883 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0719-1 advisory. maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: * Bug fixes and improved support of dynamic types * Dependency upgrades (ASM, Maven core, and notably the removal of commons-io) * Improved error handling by logging instead of failing * Improved dependency usage tracking maven-dependency-plugin was updated from version 3.6.0 to 3.8.1: - Key changes across versions: * Dependency upgrades on maven-dependency-analyzer and Doxia * Deprecated dependency:sources in favor of dependency:resolve-sources * Documentation improvements * New dependency analysis goal to check for invalid exclusions * New JSON output option for dependency:tree * Performance improvements * Several bug fixes addressing: - The handling of silent parameters - The display of the optional flag in the tree - The clarity of some error messages maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0: - Key changes across versions: * New features: - Passing the input filename to the parser - Adding a timezone fiel...
Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26594

Description: Nessus Plugin ID 216884 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0732-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-extra and / or xorg-x11-server-sdk packages. Read more at https://www.tenable.com/plugins/nessus/216884

EPSS Score: 0.02%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26594

Description: Nessus Plugin ID 216885 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0734-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server and / or xorg-x11-server-extra packages. Read more at https://www.tenable.com/plugins/nessus/216885

EPSS Score: 0.02%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26465

Description: Nessus Plugin ID 216886 with Medium Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of openssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26465 advisory. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. (CVE-2025-26465)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216886

EPSS Score: 11.5%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2023-5992

Description: Nessus Plugin ID 216889 with Medium Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5992 advisory. - A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side- channel resistant. This issue May result in the potential leak of private data. (CVE-2023-5992)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216889
Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26465

Description: Nessus Plugin ID 216894 with Medium Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of openssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26465 advisory. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. (CVE-2025-26465)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216894

EPSS Score: 11.5%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26594

Description: Nessus Plugin ID 216898 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0729-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xwayland and / or xwayland-devel packages. Read more at https://www.tenable.com/plugins/nessus/216898

EPSS Score: 0.02%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26594

Description: Nessus Plugin ID 216899 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0731-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-Xvfb, xorg-x11-server-extra and / or xorg-x11-server-sdk packages. Read more at https://www.tenable.com/plugins/nessus/216899

EPSS Score: 0.02%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)

CVE-2025-26594

Description: Nessus Plugin ID 216900 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0733-1 advisory. - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected xorg-x11-server, xorg-x11-server-extra, xorg-x11-server-sdk and / or xorg-x11-server-wayland packages. Read more at https://www.tenable.com/plugins/nessus/216900

EPSS Score: 0.02%

Source: Tenable Plugins
February 27th, 2025 (5 months ago)