Threat and Vulnerability Intelligence Database

CVE-2024-53257

Description: Nessus Plugin ID 234535 with Medium Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. (CVE-2024-53257) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234535

CVSS: MEDIUM (4.9)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-2588

Description: Nessus Plugin ID 234536 with Medium Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of augeas installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2588 advisory. - A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. (CVE-2025-2588) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234536

CVSS: MEDIUM (4.8)

EPSS Score: 0.07%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2020-36327

Description: Nessus Plugin ID 234537 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1294-1 advisory. - CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) Other fixes: - Updated to version 2.2.34. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected ruby2.5-rubygem-bundler and / or ruby2.5-rubygem-bundler-doc packages. Read more at https://www.tenable.com/plugins/nessus/234537

CVSS: HIGH (8.8)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-27152

Description: Nessus Plugin ID 234538 with High Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1326-1 advisory. - CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308) - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840) - CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected pgadmin4, pgadmin4-doc and / or pgadmin4-web packages. Read more at https://www.tenable.com/plugins/nessus/234538

CVSS: HIGH (7.7)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-54551

Description: Nessus Plugin ID 234539 with Critical Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1331-1 advisory. - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. ...

EPSS Score: 0.17%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-31492

Description: Nessus Plugin ID 234540 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1324-1 advisory. - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected apache2-mod_auth_openidc package. Read more at https://www.tenable.com/plugins/nessus/234540

CVSS: HIGH (8.2)

EPSS Score: 0.19%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-23392

Description: Nessus Plugin ID 234541 with Medium Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1321-1 advisory. spacewalk-java: - Version 4.3.85-0: * CVE-2025-23392: Filter user input in systems list page. (bsc#1239826) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234541

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-1860

Description: Nessus Plugin ID 234542 with Critical Severity. Synopsis: The remote openSUSE host is missing a security update. Description: The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:0123-1 advisory. Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected perl-Data-Entropy package. Read more at https://www.tenable.com/plugins/nessus/234542

EPSS Score: 0.03%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-8176

Description: Nessus Plugin ID 234543 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1295-1 advisory. - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected expat, libexpat-devel, libexpat1 and / or libexpat1-32bit packages. Read more at https://www.tenable.com/plugins/nessus/234543

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-12088

Description: Nessus Plugin ID 234544 with Medium Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1330-1 advisory. - Fixed bwlimit=0 option broken by CVE-2024-12088 fix (bsc#1239649). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected rsync package. Read more at https://www.tenable.com/plugins/nessus/234544

Source: Tenable Plugins
April 17th, 2025 (4 days ago)