22 matches found
VulnCheck KEV: CVE-2025-12548
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
Eclipse Che machine-exec Unauthenticated RCE
This module exploits an unauthenticated remote code execution vulnerability in the Eclipse Che machine-exec service (CVE-2025-12548). The machine-exec service, exposed on port 3333 within Red Hat OpenShift DevSpaces developer workspace containers, accepts WebSocket connections without authenticatio...
CVE-2025-12548

creationtimestamp | type | source
---|---|---
2026-01-13 18:13:22+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcd5t7r76g2f
2026-01-13 18:14:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcd5v4dvbv2v
2026-01-14 14:33:11+00:00 | seen | ...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.1 Release.
Red Hat OpenShift Dev Spaces 3.23.1 has been released. This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.1 Release.
Red Hat OpenShift Dev Spaces 3.24.1 has been released. This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.22.1 Release.
Red Hat OpenShift Dev Spaces 3.22.1 has been released. This release addresses CVE-2025-12548 'Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333'...
CVE-2025-12548
No description is available for this CVE. Mitigation: Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide: https://docs.redhat.com/en/documentation/redhatopenshiftdevspaces/3.24/html/administrationguide/security-best-practices...
CVE-2024-12548
Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability i...
CVE-2024-12548 Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability i...
CVE-2024-12548 Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability i...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12548)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12548 advisory. 4.14.35-2047.538.5.1 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755 Tenable has extracted the preceding description block...
CVE-2020-12548
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2019-12548
Bludit before 3.9.0 is vulnerable to remote code execution by an authenticated user who uploads a PHP file while changing the site logo via /admin/ajax/upload-logo. Root cause: an upload path/permission issue allows execution of injected PHP. A fix is available in Bludit 3.9.0 (as referenced by r...
CVE-2018-12548
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code...
CVE-2018-12548
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code...
CVE-2018-12548
CVE-2018-12548 affects OpenJDK + Eclipse OpenJ9 0.11.0 builds. The issue lies in the public jdk.crypto.jniprovider.NativeCrypto class, which exposes public static native methods that accept pointer values dereferenced in native code, leading to potential fault/impact described by the CVE. Connect...
Ansible Arbitrary Code Execution Vulnerability (CNVD-2018-12548)
Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage and orchestrate computer systems. A security vulnerability exists in Ansible. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2017-12548
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found...
CVE-2017-12548
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found...
CVE-2017-12548
CVE-2017-12548 affects HPE System Management Homepage (SMH) on Windows and Linux before version 7.6.1. The issue is a local arbitrary command execution vulnerability that can be exploited by an attacker with local access and sufficient privileges to run arbitrary OS commands within SMH. According...