CVE-2024-13176 |
Description:
Nessus Plugin ID 215173 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0388-1 advisory. - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libopenssl-3-devel, libopenssl3 and / or openssl-3 packages.
Read more at https://www.tenable.com/plugins/nessus/215173
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215174 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0369-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215174
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
CVE-2025-24528 |
Description:
Nessus Plugin ID 215175 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0351-1 advisory. - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215175
February 10th, 2025 (5 months ago)
|
CVE-2021-31879 |
Description:
Nessus Plugin ID 215176 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0380-1 advisory. - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected wget package.
Read more at https://www.tenable.com/plugins/nessus/215176
CVSS: MEDIUM (6.1)
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215177 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0371-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/215177
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
CVE-2022-49043 |
Description:
Nessus Plugin ID 215178 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0348-1 advisory. - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215178
CVSS: HIGH (8.1)
February 10th, 2025 (5 months ago)
|
CVE-2024-11187 |
Description:
Nessus Plugin ID 215179 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0384-1 advisory. - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected bind, bind-doc, bind-utils and / or python3-bind packages.
Read more at https://www.tenable.com/plugins/nessus/215179
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215180 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0372-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/215180
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
Description:
Nessus Plugin ID 215181 with Medium Severity
Synopsis
The remote openSUSE host is missing a security update.
Description
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0357-1 advisory.
Security Update to version 3.5.18:
* Ensure all goroutines created by StartEtcd to exit before closing the errc
* mvcc: restore tombstone index if it's first revision
* Bump go toolchain to 1.22.11
* Avoid deadlock in etcd.Close when stopping during bootstrapping
* etcdutl/etcdutl: use datadir package to build wal/snapdir
* Remove duplicated <-s.ReadyNotify()
* Do not wait for ready notify if the server is stopping
* Fix mixVersion test case: ensure a snapshot to be sent out
* *: support custom content check offline in v2store
* Print warning message for deprecated flags if set
* fix runtime error: comparing uncomparable type
* add tls min/max version to grpc proxy
- Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a ...
February 10th, 2025 (5 months ago)
|
CVE-2025-1009 |
Description:
Nessus Plugin ID 215182 with Critical Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0374-1 advisory.
* MFSA 2025-09
* CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT
* CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight
* CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash
* CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification
* CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling
* CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows
* CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked
* CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
* CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
Tena...
EPSS Score: 0.11%
February 10th, 2025 (5 months ago)
|