
294 matches found

Vulnrichment
added 2025/09/04 6:34 p.m. | 6 views

CVE-2025-48552

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.3 | EPSS: 0.00096
Exploits: 0 | References: 2

CVE
added 2025/09/04 6:34 p.m. | 31 views

CVE-2025-48552

CVE-2025-48552 affects DevicePolicyManagerService.java, specifically the saveGlobalProxyLocked function. A logic error can cause desync from persistence, enabling local privilege escalation without extra execution privileges or user interaction. The vulnerability is described consistently across ...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00096
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/09/04 12:00 a.m. | 15 views

PT-2025-36073

Name of the Vulnerable Software and Affected Versions: DevicePolicyManagerService.java (affected versions not specified). Description: A logic error in the saveGlobalProxyLocked function within DevicePolicyManagerService.java may allow for desynchronization from persistence. This could lead to local...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00096
Exploits: 0 | References: 5

OSV
added 2025/09/01 12:00 a.m. | 11 views

ASB-A-365975561

In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00096
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/19 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-47905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.003
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/19 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-30346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. CVE-2025-30346 Note that Nessus relies on the...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00286
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/12 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-29547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.00469
Exploits: 0 | References: 2

OpenVAS
added 2025/08/11 12:00 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-f7e5d2e40f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.4 | AI score: 7.5 | EPSS: 0.003
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/09 12:00 a.m. | 5 views

Fedora 41 : varnish (2025-f7e5d2e40f)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f7e5d2e40f advisory. Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client-side desync vulnerability can be triggered in Varnish Cache. This vulnerabilit...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.003
Exploits: 0 | References: 2

OpenVAS
added 2025/08/08 12:00 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-525d870026)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.003
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

Fedora 42 : varnish (2025-525d870026)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-525d870026 advisory. Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client-side desync vulnerability can be triggered in Varnish Cache. This vulnerabilit...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.003
Exploits: 0 | References: 2

OSV
added 2025/07/10 5:15 p.m. | 8 views

AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.00516
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/16 12:00 a.m. | 3 views

TencentOS Server 3: varnish:6 (TSSA-2025:0419)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0419 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.003
Exploits: 0 | References: 2

OSV
added 2025/05/28 11:59 a.m. | 9 views

BIT-VARNISH-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.003
Exploits: 0 | References: 4

OSV
added 2025/05/23 2:00 p.m. | 2 views

OESA-2025-1556 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.003
Exploits: 0 | References: 2

OSV
added 2025/05/13 10:15 p.m. | 18 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

AI score: 6.7
Exploits: 0 | References: 3

NVD
added 2025/05/13 10:15 p.m. | 29 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS: 5.4 | EPSS: 0.003
Exploits: 0 | References: 3

OSV
added 2025/05/13 10:15 p.m. | 2 views

ALPINE-CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS: 5.4 | AI score: 7 | EPSS: 0.003
Exploits: 0 | References: 1

OSV
added 2025/05/13 10:15 p.m. | 2 views

DEBIAN-CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.003
Exploits: 0 | References: 1

OSV
added 2025/05/13 10:15 p.m. | 2 views

UBUNTU-CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.003
Exploits: 0 | References: 7