CVE-2025-22868 |
Description:
Nessus Plugin ID 234527 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. (CVE-2025-22869) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update docker' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234527
April 17th, 2025 (4 days ago)
|
CVE-2022-49390 |
Description:
Nessus Plugin ID 234528 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 5.10.235-227.919. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-088 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit (CVE-2024-57973) In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process (CVE-2024-57977) In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free (CVE-2024-57979) In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083) In the Linux kernel, ...
CVSS: HIGH (7.8)
April 17th, 2025 (4 days ago)
|
CVE-2025-30474 |
Description:
Nessus Plugin ID 234529 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2819 advisory. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. (CVE-2025-30474) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update apache-commons-vfs' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234529
EPSS Score: 0.05%
April 17th, 2025 (4 days ago)
|
CVE-2024-53259 |
Description:
Nessus Plugin ID 234530 with Medium Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53259 advisory. - quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a message too large error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. (CVE-2024-53259) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234530
CVSS: MEDIUM (6.5)
April 17th, 2025 (4 days ago)
|
CVE-2025-24912 |
Description:
Nessus Plugin ID 234531 with Low Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of wpa_supplicant installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24912 advisory. - hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234531
CVSS: LOW (3.7)
April 17th, 2025 (4 days ago)
|
CVE-2025-30219 |
Description:
Nessus Plugin ID 234532 with Medium Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of rabbitmq-server installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30219 advisory. - RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue. (CVE-2025-30219) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solutio...
CVSS: MEDIUM (6.1) EPSS Score: 0.1%
April 17th, 2025 (4 days ago)
|
CVE-2024-53259 |
Description:
Nessus Plugin ID 234533 with Medium Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53259 advisory. - quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a message too large error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. (CVE-2024-53259) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234533
CVSS: MEDIUM (6.5)
April 17th, 2025 (4 days ago)
|
CVE-2021-4217 |
Description:
Nessus Plugin ID 234534 with Low Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of unzip installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4217 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234534
CVSS: LOW (3.3)
April 17th, 2025 (4 days ago)
|
CVE-2024-53257 |
Description:
Nessus Plugin ID 234535 with Medium Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. (CVE-2024-53257) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234535
CVSS: MEDIUM (4.9)
April 17th, 2025 (4 days ago)
|
CVE-2025-2588 |
Description:
Nessus Plugin ID 234536 with Medium Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of augeas installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2588 advisory. - A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. (CVE-2025-2588) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234536
CVSS: MEDIUM (4.8) EPSS Score: 0.07%
April 17th, 2025 (4 days ago)
|