66 matches found
CVE-2026-25857
Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...
MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-8.el8 (AXSA:2022-3880:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3880:02 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 Tenable has extracted the preceding description block...
CVE-2021-25857
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...
CVE-2020-25857
The function ClientEAPOLKeyRecvd in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for an rtlmemcpy operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker c...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to org.yaml:snakeyaml Denial of Service (DoS)
Summary IBM Sterling Partner Engagement Manager uses org.yaml:snakeyaml Denial of Service , affected for the CVE CVE-2022-25857 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6179 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2023:7288)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7288 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...
Moderate: Red Hat Security Advisory: AMQ Clients 2023.Q4
An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...
Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2021-25857
creationtimestamp| type| source ---|---|--- 2023-08-11 18:16:58+00:00| seen| https://t.me/cibsecurity/68355...
CVE-2021-25857
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...
CVE-2021-25857
The CVE-2021-25857 issue affects pcmt superMicro-CMS version 3.11. An authenticated attacker can trigger arbitrary code execution via the font_type parameter in setup.php. Root cause and impact are described across multiple sources consistently, but no explicit remediation details (patch version ...
CVE-2021-25857
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...