Lucene search
K

122 matches found

Chainguard
Chainguard
added 2026/07/01 2:16 p.m.6 views

CVE-2025-8037 vulnerabilities

Vulnerabilities for packages: firefox, firefox-esr...

9.1CVSS7AI score0.00217EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/30 7:38 a.m.17 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.4343EPSS
Exploits3
Circl
Circl
added 2026/06/05 10:19 a.m.12 views

CVE-2026-8037

creationtimestamp| type| source ---|---|--- 2026-06-05 10:19:13+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-552 2026-06-05 22:22:23+00:00| seen| https://social.tchncs.de/users/gborn/statuses/116699833514512441 2026-06-29 19:28:11+00:00| seen|...

9.8CVSS7.1AI score0.4343EPSS
In wildExploits3References53
NVD
NVD
added 2026/06/04 2:16 p.m.48 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.8CVSS0.4343EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/06/04 1:13 p.m.22 views

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS8AI score0.4343EPSS
Exploits3References1
CVE
CVE
added 2026/06/04 1:13 p.m.168 views

CVE-2026-8037

Progress ADC LoadMaster (Progress Kemp LoadMaster) is affected by an OS Command Injection vulnerability (CVE-2026-8037) that allows unauthenticated remote code execution via unsanitized input on multiple API endpoints. A detailed analysis in PT-2026-46231 attributes the root cause to a two-bug ch...

9.8CVSS6.1AI score0.4343EPSS
In wildExploits3References2Affected Software3
Circl
Circl
added 2026/04/13 5:57 p.m.7 views

CVE-2025-8037

creationtimestamp| type| source ---|---|--- 2026-04-13 17:57:07+00:00| published-proof-of-concept| Telegram/X7VHG2-47Qhhj8GB65kRLNGPkxuaTLxPWX3Bbqfyik...

9.1CVSS8.4AI score0.00217EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/02/16 12:24 p.m.14 views

Advisory ROSA-SA-2026-3202

Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...

5.5CVSS7.1AI score0.0087EPSS
Exploits1
Rosalinux
Rosalinux
added 2026/02/16 10:56 a.m.12 views

Advisory ROSA-SA-2026-3184

Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 unaffected versions = tcpdump-4.9.3-5.rv30 affected versions tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2020-8037 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PPP decoder in tcpdump allows an attacker to cause a large memory allocation...

7.5CVSS7.1AI score0.03071EPSS
Exploits0
OSV
OSV
added 2026/02/15 10:58 p.m.4 views

ECHO-8037-DF07-6304

Bulletin has no description...

7.8CVSS5AI score0.00129EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : tcpdump-4.9.3-2.el8 (AXSA:2021-2659:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2659:02 advisory. tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory CVE-2020-8037 Tenable has extracted the preceding description block directly...

7.5CVSS5.6AI score0.03071EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-8037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Note that Nessus relies on the presence of the packag...

7.5CVSS7AI score0.03071EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2025-8037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie include...

9.1CVSS7.3AI score0.00217EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/31 12:0 a.m.2 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2025:02546-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02546-1 advisory. Update to Mozilla Thunderbird 140.1 MFSA 2025-63 bsc1246664: - CVE-2025-8027: JavaScript engine...

9.8CVSS7.5AI score0.03123EPSS
Exploits0References53
SUSE CVE
SUSE CVE
added 2025/07/23 11:25 p.m.6 views

SUSE CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

5.4CVSS7.3AI score0.00217EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/07/23 12:0 a.m.2 views

Slackware: Security Advisory (SSA:2025-203-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.00472EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS7.3AI score0.00217EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/07/22 8:49 p.m.4 views

CVE-2025-8037 Nameless cookies shadow secure cookies

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

7.3AI score0.00217EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/07/22 8:49 p.m.7 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS8.3AI score0.00217EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.5 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

6.5CVSS6.6AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder