Threat and Vulnerability Intelligence Database

CVE-2025-27152

Description: Nessus Plugin ID 234538 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1326-1 advisory. - CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308) - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840) - CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected pgadmin4, pgadmin4-doc and / or pgadmin4-web packages. Read more at https://www.tenable.com/plugins/nessus/234538

CVSS: HIGH (7.7)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-54551

Description: Nessus Plugin ID 234539 with Critical Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1331-1 advisory. - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. ...

EPSS Score: 0.17%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-31492

Description: Nessus Plugin ID 234540 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1324-1 advisory. - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected apache2-mod_auth_openidc package. Read more at https://www.tenable.com/plugins/nessus/234540

CVSS: HIGH (8.2)

EPSS Score: 0.19%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-23392

Description: Nessus Plugin ID 234541 with Medium Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1321-1 advisory. spacewalk-java: - Version 4.3.85-0: * CVE-2025-23392: Filter user input in systems list page. (bsc#1239826) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234541
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-1860

Description: Nessus Plugin ID 234542 with Critical Severity Synopsis The remote openSUSE host is missing a security update. Description The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:0123-1 advisory. Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected perl-Data-Entropy package. Read more at https://www.tenable.com/plugins/nessus/234542

EPSS Score: 0.03%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-8176

Description: Nessus Plugin ID 234543 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1295-1 advisory. - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected expat, libexpat-devel, libexpat1 and / or libexpat1-32bit packages. Read more at https://www.tenable.com/plugins/nessus/234543
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-12088

Description: Nessus Plugin ID 234544 with Medium Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1330-1 advisory. - Fixed bwlimit=0 option broken by CVE-2024-12088 fix (bsc#1239649). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected rsync package. Read more at https://www.tenable.com/plugins/nessus/234544
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2021-46925

Description: Nessus Plugin ID 234545 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1293-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (bsc#1237767). - CVE-2021-47648: gpu: host1x: Fix a memory leak in 'host1x_remove()' (bsc#1237725). - CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() (bsc#1237842). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49059: nfc: nci: add flush_workqueue to prevent uaf (bsc#1238007). - CVE-2022-49074: irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1237728). - CVE-2022-49075: btrfs: fix qgroup reserve overflow the qgroup limit (bsc#1237733). - CVE-2022-49084: qede: confirm skb is allocated before using (bsc#1237751). - CVE-2022-49107: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1237973). - CVE-2022-49109: ceph: fix inode reference leak...

CVSS: MEDIUM (4.7)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-54551

Description: Nessus Plugin ID 234546 with Medium Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1325-1 advisory. - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) - CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863) - CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864) Tenable has extracted the prec...

EPSS Score: 0.17%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-30712

Description: Nessus Plugin ID 234547 with High Severity Synopsis The remote host is affected by multiple vulnerabilities Description The 7.1.6 versions of VM VirtualBox installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. (CVE-2025-30712) - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox....

CVSS: HIGH (8.1)

EPSS Score: 0.01%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)