CVE-2024-40635 |
Description:
Nessus Plugin ID 234604 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1346-1 advisory.
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected containerd, containerd-ctr and / or containerd-devel packages.
Read more at https://www.tenable.com/plugins/nessus/234604
CVSS: MEDIUM (4.6)
April 18th, 2025 (about 15 hours ago)
|
CVE-2024-10041 |
Description:
Nessus Plugin ID 234605 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1334-1 advisory.
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234605
April 18th, 2025 (about 15 hours ago)
|
CVE-2024-54551 |
Description:
Nessus Plugin ID 234606 with Critical Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1336-1 advisory.
- Update to version 2.48.1
- CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
- CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
- CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
- CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
- CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
- CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
- CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affecte...
EPSS Score: 0.17%
April 18th, 2025 (about 15 hours ago)
|
CVE-2023-45288 |
Description:
Nessus Plugin ID 234607 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1332-1 advisory.
- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)
Other fixes:
- Update to version 1.3.10:
  * Features
    - Added --client-signing-algorithms flag (#1974)
  * Fixes / Misc
    - emit unpopulated values when marshalling (#2438)
    - pkg/api: better logs when algorithm registry rejects a key (#2429)
    - chore: improve mysq...
CVSS: HIGH (7.5)
April 18th, 2025 (about 15 hours ago)
|
CVE-2025-32364 |
Description:
Nessus Plugin ID 234608 with Medium Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1342-1 advisory.
- CVE-2025-32364: Fixed a floating point exception. (bsc#1240880)
- CVE-2025-32365: Fixed the isOk check in JBIG2Bitmap::combine function in JBIG2Stream.cc. (bsc#1240881)
- Adding -fpie compile flag to GCC for Position Independent Executable (PIE) support (bsc#1239939).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234608
CVSS: MEDIUM (4.0) EPSS Score: 0.02%
April 18th, 2025 (about 15 hours ago)
|
CVE-2025-0495 |
Description:
Nessus Plugin ID 234609 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1344-1 advisory.
- CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239765)
Other fixes:
- Update to docker-buildx v0.22.0.
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected docker-stable and / or docker-stable-bash-completion packages.
Read more at https://www.tenable.com/plugins/nessus/234609
CVSS: MEDIUM (4.1)
April 18th, 2025 (about 15 hours ago)
|
CVE-2025-0495 |
Description:
Nessus Plugin ID 234610 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1341-1 advisory.
- Update to docker-buildx v0.22.0
- CVE-2025-0495: Fixed an integer overflow in User ID handling in containerd. (bsc#1239765)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected docker and / or docker-bash-completion packages.
Read more at https://www.tenable.com/plugins/nessus/234610
CVSS: MEDIUM (4.1)
April 18th, 2025 (about 15 hours ago)
|
CVE-2024-40635 |
Description:
Nessus Plugin ID 234611 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1345-1 advisory.
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected containerd, containerd-ctr and / or containerd-devel packages.
Read more at https://www.tenable.com/plugins/nessus/234611
CVSS: MEDIUM (4.6)
April 18th, 2025 (about 15 hours ago)
|
CVE-2024-56431 |
Description:
Nessus Plugin ID 234612 with Critical Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1340-1 advisory.
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libmozjs-115-0, mozjs115 and / or mozjs115-devel packages.
Read more at https://www.tenable.com/plugins/nessus/234612
April 18th, 2025 (about 15 hours ago)
|
CVE-2025-32464 |
Description:
Nessus Plugin ID 234613 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1338-1 advisory.
- CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected haproxy package.
Read more at https://www.tenable.com/plugins/nessus/234613
CVSS: MEDIUM (6.8) EPSS Score: 0.16%
April 18th, 2025 (about 15 hours ago)
|