11 matches found
Amazon Linux 2023 : libnpp-12, libnpp-devel-12 (ALAS2023NVIDIA-2025-200)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-200 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...
VulnCheck KEV: CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
ETH Exchange Rate Expectations for 2023-2025
By Owais Sultan For the current period, it is estimated that the value of Ethereum digital currency will continue to fall.… This is a post from HackRead.com Read the original post: ETH Exchange Rate Expectations for 2023-2025...
CVE-2023-46747
creationtimestamp| type| source ---|---|--- 2023-10-26 23:26:24+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/7935 2023-10-27 00:18:12+00:00| seen| https://t.me/cibsecurity/73013 2023-10-27 05:50:12+00:00| published-proof-of-concept| https://t.me/ptswarm/192 2023-10-27...
Johnson Controls OpenBlue Enterprise Manager Data Collector
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Enterprise Manager Data Collector Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...
CVE-2023-2025 Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector (Johnson Controls) firmware prior to 3.2.5.75 is affected. The ICS/NVD entries describe two related issues: (1) Improper authentication (CWE-287) where API calls may not require authentication, and (2) exposure of sensitive information to an unauthorized...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2023-2025)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.7+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2025 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
CVE-2021-40870
creationtimestamp| type| source ---|---|--- 2021-10-09 14:57:59+00:00| published-proof-of-concept| https://t.me/cKure/7558 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-04 07:43:01+00:00| seen| https://t.me/arpsyndicate/1149 2024-12-24 20:26:03+00:00| seen|...
CVE-2018-8414
creationtimestamp| type| source ---|---|--- 2018-08-15 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=316 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-03 16:50:11+00:00| seen| https://t.me/arpsyndicate/981 2024-12-24 20:29:12+00:00|...
CVE-2017-9798
creationtimestamp| type| source ---|---|--- 2017-09-20 16:36:06+00:00| seen| https://t.me/BleepingComputer/1758 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apacheoptionsbleed.rb 2022-02-18 16:23:37+00:00| seen|...