CVE-2022-49043 |
Description:
Nessus Plugin ID 215178 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0348-1 advisory.
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215178
CVSS: HIGH (8.1)
February 10th, 2025 (5 months ago)
|
CVE-2024-11187 |
Description:
Nessus Plugin ID 215179 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0384-1 advisory.
- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected bind, bind-doc, bind-utils and / or python3-bind packages.
Read more at https://www.tenable.com/plugins/nessus/215179
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2025-0725 |
Description:
Nessus Plugin ID 215180 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0372-1 advisory.
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/215180
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
Description:
Nessus Plugin ID 215181 with Medium Severity
Synopsis
The remote openSUSE host is missing a security update.
Description
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0357-1 advisory.
Security Update to version 3.5.18:
* Ensure all goroutines created by StartEtcd to exit before closing the errc
* mvcc: restore tombstone index if it's first revision
* Bump go toolchain to 1.22.11
* Avoid deadlock in etcd.Close when stopping during bootstrapping
* etcdutl/etcdutl: use datadir package to build wal/snapdir
* Remove duplicated <-s.ReadyNotify()
* Do not wait for ready notify if the server is stopping
* Fix mixVersion test case: ensure a snapshot to be sent out
* *: support custom content check offline in v2store
* Print warning message for deprecated flags if set
* fix runtime error: comparing uncomparable type
* add tls min/max version to grpc proxy
- Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a ...
February 10th, 2025 (5 months ago)
|
CVE-2025-1009 |
Description:
Nessus Plugin ID 215182 with Critical Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0374-1 advisory.
* MFSA 2025-09
* CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT
* CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight
* CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash
* CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification
* CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling
* CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows
* CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked
* CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
* CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
Tena...
EPSS Score: 0.11%
February 10th, 2025 (5 months ago)
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215183 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0356-1 advisory.
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215183
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
CVE-2024-11187 |
Description:
Nessus Plugin ID 215184 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0355-1 advisory.
Update to release 9.18.33
Security Fixes:
- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
- CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected bind, bind-doc and / or bind-utils packages.
Read more at https://www.tenable.com/plugins/nessus/215184
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
Description: Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.
The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime
February 10th, 2025 (5 months ago)
|
Description: Are your defenses truly battle-tested? Security validation ensures you're not just hoping your security works—it proves it. Learn more from Pentera on how to validate against ransomware, credential threats, and unpatched vulnerabilities in the GOAT Guide. [...]
February 10th, 2025 (5 months ago)
|