122 matches found
CVE-2025-8037 vulnerabilities
Vulnerabilities for packages: firefox, firefox-esr...
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...
CVE-2026-8037
creationtimestamp| type| source ---|---|--- 2026-06-05 10:19:13+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-552 2026-06-05 22:22:23+00:00| seen| https://social.tchncs.de/users/gborn/statuses/116699833514512441 2026-06-29 19:28:11+00:00| seen|...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037
Progress ADC LoadMaster (Progress Kemp LoadMaster) is affected by an OS Command Injection vulnerability (CVE-2026-8037) that allows unauthenticated remote code execution via unsanitized input on multiple API endpoints. A detailed analysis in PT-2026-46231 attributes the root cause to a two-bug ch...
CVE-2025-8037
creationtimestamp| type| source ---|---|--- 2026-04-13 17:57:07+00:00| published-proof-of-concept| Telegram/X7VHG2-47Qhhj8GB65kRLNGPkxuaTLxPWX3Bbqfyik...
Advisory ROSA-SA-2026-3202
Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...
Advisory ROSA-SA-2026-3184
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 unaffected versions = tcpdump-4.9.3-5.rv30 affected versions tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2020-8037 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PPP decoder in tcpdump allows an attacker to cause a large memory allocation...
ECHO-8037-DF07-6304
Bulletin has no description...
MiracleLinux 8 : tcpdump-4.9.3-2.el8 (AXSA:2021-2659:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2659:02 advisory. tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory CVE-2020-8037 Tenable has extracted the preceding description block directly...
Linux Distros Unpatched Vulnerability : CVE-2020-8037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Note that Nessus relies on the presence of the packag...
Linux Distros Unpatched Vulnerability : CVE-2025-8037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie include...
SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2025:02546-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02546-1 advisory. Update to Mozilla Thunderbird 140.1 MFSA 2025-63 bsc1246664: - CVE-2025-8027: JavaScript engine...
SUSE CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
Slackware: Security Advisory (SSA:2025-203-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8037 Nameless cookies shadow secure cookies
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...