CVE-2025-1175 |
Description: Cross-Site Scripting (XSS) vulnerability in Kelio Visio
Mon, 02/10/2025 - 13:15
Advisory
Affected Resources
Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4: versions between 3.2C and 5.1K.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting Kelio Visio 1, Visio X7 and Visio X4, a touch-screen punch terminal, which has been discovered by Ismael Pacheco Torrecilla. This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:
CVE-2025-1175: CVSS v3.1: 6.1 | CVSS AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79
Identifier
INCIBE-2025-0068
3 - Medium
Solution
The vulnerability has been fixed by the Kelio Visio team in versions 4.5E11, 4.6K5 and 5.1L8.
Detail
CVE-2025-1175: Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’ parameter of the ‘/PageLoginVisio.do’ endpoint.
References list
Product sheet - Kelio Visio
...
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
Description: Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for
February 10th, 2025 (5 months ago)
|
CVE-2025-25064 |
Description: Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215165 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0349-1 advisory.
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215165
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215166 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0387-1 advisory.
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libopenssl-3-devel, libopenssl3 and / or openssl-3 packages.
Read more at https://www.tenable.com/plugins/nessus/215166
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215169 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0370-1 advisory.
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/215169
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
CVE-2024-11218 |
Description:
Nessus Plugin ID 215172 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0382-1 advisory.
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected podman, podman-docker, podman-remote and / or podmansh packages.
Read more at https://www.tenable.com/plugins/nessus/215172
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215173 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0388-1 advisory.
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libopenssl-3-devel, libopenssl3 and / or openssl-3 packages.
Read more at https://www.tenable.com/plugins/nessus/215173
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215174 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0369-1 advisory.
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215174
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|