CVE-2024-12088 |
Description:
Nessus Plugin ID 234544 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1330-1 advisory.
- Fixed bwlimit=0 option broken by CVE-2024-12088 fix (bsc#1239649).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected rsync package.
Read more at https://www.tenable.com/plugins/nessus/234544
April 17th, 2025 (4 days ago)
|
CVE-2021-46925 |
Description:
Nessus Plugin ID 234545 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1293-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (bsc#1237767).
- CVE-2021-47648: gpu: host1x: Fix a memory leak in 'host1x_remove()' (bsc#1237725).
- CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() (bsc#1237842).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49059: nfc: nci: add flush_workqueue to prevent uaf (bsc#1238007).
- CVE-2022-49074: irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1237728).
- CVE-2022-49075: btrfs: fix qgroup reserve overflow the qgroup limit (bsc#1237733).
- CVE-2022-49084: qede: confirm skb is allocated before using (bsc#1237751).
- CVE-2022-49107: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1237973).
- CVE-2022-49109: ceph: fix inode reference leak...
CVSS: MEDIUM (4.7)
April 17th, 2025 (4 days ago)
|
CVE-2024-54551 |
Description:
Nessus Plugin ID 234546 with Medium Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1325-1 advisory.
- Update to version 2.48.1
- CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
- CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
- CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
- CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
- CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
- CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
- CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)
- CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863)
- CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864)
Tenable has extracted the prec...
EPSS Score: 0.17%
April 17th, 2025 (4 days ago)
|
CVE-2025-30712 |
Description:
Nessus Plugin ID 234547 with High Severity
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 7.1.6 versions of VM VirtualBox installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.
- Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. (CVE-2025-30712)
- Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox....
CVSS: HIGH (8.1) EPSS Score: 0.01%
April 17th, 2025 (4 days ago)
|
Description: Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.
April 17th, 2025 (4 days ago)
|
Description: Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords?
How blockchain works
Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
April 17th, 2025 (4 days ago)
|
Description: Universal Window and Door, LLC engages in the design, manufacture, and supply of custom window solutions for historic restoration and new commercial construction projects. The company offers steel replica, historic, projected/casement, double ...
April 17th, 2025 (4 days ago)
|
Description: In 1957, Yankee Trails opened its doors with the goal of providing safe, affordable motor coach transportation to patrons in and around Upstate New York. Shuttle service between Albany and Vermont put the company on the map and continues to o ...
April 17th, 2025 (4 days ago)
|
Description: Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. [...]
April 17th, 2025 (4 days ago)
|